Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2013-7252
Last Modified 21 Jan 2015 12:37:46
Published 18 Jan 2015 01:59:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7252

Summary

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.

Vulnerable Systems

Application

  • KDE Applications 14.11.3


References

CONFIRM - https://www.kde.org/info/security/advisory-20150109-1.txt

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1048168

BID - 67716

MLIST - [oss-security] 20150109 Re: CVE Request: kwallet: incorrect CBC encryption handling

MLIST - [oss-security] 20140102 kwallet crypto misuse

MISC - http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/


Last Updated: 27 May 2016 10:47:32