CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/	Exploit
http://www.openwall.com/lists/oss-security/2014/01/02/3
http://www.openwall.com/lists/oss-security/2015/01/09/7
http://www.securityfocus.com/bid/67716	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1048168	Issue Tracking
https://security.gentoo.org/glsa/201606-19	Third Party Advisory
https://www.kde.org/info/security/advisory-20150109-1.txt	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-01-18 18:59

Updated : 2024-02-04 18:35

NVD link : CVE-2013-7252

Mitre link : CVE-2013-7252

CVE.ORG link : CVE-2013-7252

JSON object : View

Products Affected

kde

kde_applications

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2013-7252", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-18T18:59:00.050", "references": [{"url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/02/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/09/7", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/67716", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201606-19", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.kde.org/info/security/advisory-20150109-1.txt", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack."}, {"lang": "es", "value": "kwalletd en KWallet anterior a las aplicaciones KDE 14.12.0 utiliza Blowfish con el modo ECB en lugar del modo CBC cuando codifica el almac\u00e9n de contrase\u00f1as, lo que facilita a atacantes adivinar las contrase\u00f1as a trav\u00e9s de un ataque de libro de c\u00f3digos (codebook)."}], "lastModified": "2016-08-02T13:58:52.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F80208-1520-4A01-B357-0E85CC029F4A", "versionEndIncluding": "14.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}