CVE-2013-7252

critical

Description

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.

References

https://www.kde.org/info/security/advisory-20150109-1.txt

https://security.gentoo.org/glsa/201606-19

https://bugzilla.redhat.com/show_bug.cgi?id=1048168

http://www.securityfocus.com/bid/67716

http://www.openwall.com/lists/oss-security/2015/01/09/7

http://www.openwall.com/lists/oss-security/2014/01/02/3

Details

Source: Mitre, NVD

Published: 2015-01-18

Updated: 2016-08-02

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics