CVE-2013-7252

Published Jan 18, 2015

Last updated 8 years ago

Overview

Description: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57F80208-1520-4A01-B357-0E85CC029F4A",
            "versionEndIncluding": "14.11.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References