kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
References
Link | Resource |
---|---|
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/ | Exploit |
http://www.openwall.com/lists/oss-security/2014/01/02/3 | |
http://www.openwall.com/lists/oss-security/2015/01/09/7 | |
http://www.securityfocus.com/bid/67716 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1048168 | Issue Tracking |
https://security.gentoo.org/glsa/201606-19 | Third Party Advisory |
https://www.kde.org/info/security/advisory-20150109-1.txt | Patch Vendor Advisory |
Configurations
History
No history.
Information
Published : 2015-01-18 18:59
Updated : 2024-02-28 12:20
NVD link : CVE-2013-7252
Mitre link : CVE-2013-7252
CVE.ORG link : CVE-2013-7252
JSON object : View
Products Affected
kde
- kde_applications
CWE
CWE-310
Cryptographic Issues