CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
kdekde_applications
𝑥
≤ 14.11.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kde-runtime
utopic
not-affected
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
dne
kdebase-runtime
utopic
dne
trusty
dne
saucy
dne
raring
dne
quantal
dne
precise
dne
lucid
ignored
Common Weakness Enumeration
References
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
http://www.openwall.com/lists/oss-security/2014/01/02/3
http://www.openwall.com/lists/oss-security/2015/01/09/7
http://www.securityfocus.com/bid/67716
https://bugzilla.redhat.com/show_bug.cgi?id=1048168
https://security.gentoo.org/glsa/201606-19
https://www.kde.org/info/security/advisory-20150109-1.txt
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
http://www.openwall.com/lists/oss-security/2014/01/02/3
http://www.openwall.com/lists/oss-security/2015/01/09/7
http://www.securityfocus.com/bid/67716
https://bugzilla.redhat.com/show_bug.cgi?id=1048168
https://security.gentoo.org/glsa/201606-19
https://www.kde.org/info/security/advisory-20150109-1.txt