CVE-2013-7252 - OpenCVE

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kde	Kde Applications

Configuration 1 [-]

cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*

References

Link	Resource
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/	Exploit
http://www.openwall.com/lists/oss-security/2014/01/02/3
http://www.openwall.com/lists/oss-security/2015/01/09/7
http://www.securityfocus.com/bid/67716	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1048168	Issue Tracking
https://security.gentoo.org/glsa/201606-19	Third Party Advisory
https://www.kde.org/info/security/advisory-20150109-1.txt	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2015-01-18T18:00:00

Updated: 2016-07-25T16:57:02

Reserved: 2014-01-02T00:00:00

Link: CVE-2013-7252

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-01-18T18:59:00.050

Modified: 2016-08-02T13:58:52.697

Link: CVE-2013-7252

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*", "matchCriteriaId": "57F80208-1520-4A01-B357-0E85CC029F4A", "versionEndIncluding": "14.11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack."}, {"lang": "es", "value": "kwalletd en KWallet anterior a las aplicaciones KDE 14.12.0 utiliza Blowfish con el modo ECB en lugar del modo CBC cuando codifica el almac\u00e9n de contrase\u00f1as, lo que facilita a atacantes adivinar las contrase\u00f1as a trav\u00e9s de un ataque de libro de c\u00f3digos (codebook)."}], "id": "CVE-2013-7252", "lastModified": "2016-08-02T13:58:52.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-18T18:59:00.050", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/01/02/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/01/09/7"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/67716"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-19"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.kde.org/info/security/advisory-20150109-1.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}