CVE-2013-7252

high

Description

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.

References

Advisories
More

https://security.gentoo.org/glsa/201606-19

http://www.securityfocus.com/bid/67716

https://www.kde.org/info/security/advisory-20150109-1.txt

https://bugzilla.redhat.com/show_bug.cgi?id=1048168

http://www.openwall.com/lists/oss-security/2015/01/09/7

http://www.openwall.com/lists/oss-security/2014/01/02/3

Details

Source: Mitre, NVD

Published: 2015-01-18

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00535

Detections

Analytics