Vulnerability Details: CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
Products affected by CVE-2013-7252
- cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7252
- 0.43%: probability of exploitation activity in the next 30 days
- ~74%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-7252
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7252
- http://www.openwall.com/lists/oss-security/2014/01/02/3
  oss-security - kwallet crypto misuse
- http://www.securityfocus.com/bid/67716
  kwallet Weak Stored Password Encryption Local Security Weakness (Third Party Advisory)
- https://www.kde.org/info/security/advisory-20150109-1.txt
  Patch; Vendor Advisory
- http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
  KWallet Security Analysis | Gaganpreet's blog (Exploit)
- https://security.gentoo.org/glsa/201606-19
  kwalletd: Information disclosure (GLSA 201606-19) — Gentoo security (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/01/09/7
  oss-security - Re: CVE Request: kwallet: incorrect CBC encryption handling
- https://bugzilla.redhat.com/show_bug.cgi?id=1048168
  1048168 – (CVE-2013-7252) CVE-2013-7252 kwallet: crypto misuse (Issue Tracking)