PT-2015-3573 · Kde+1 · Wallet+1

Itay Duvdevani

Published

2015-01-18

Updated

2016-08-02

CVE-2013-7252

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions KWallet versions prior to 14.12.0

Description The issue concerns the use of Blowfish with ECB mode instead of CBC mode when encrypting the password store in kwalletd. This makes it easier for attackers to guess passwords via a codebook attack.

Recommendations For versions prior to 14.12.0, update to KDE Applications 14.12.0 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2013-7252

MGASA-2015-0044

SUSE-SU-2015_0512-1

Affected Products

Wallet

Suse

PT-2015-3573 · Kde+1 · Wallet+1

CVE-2013-7252

Weakness Enumeration

Related Identifiers

Affected Products

References · 24