Lucene search

[email protected]NVD:CVE-2013-7252

HistoryJan 18, 2015 - 6:59 p.m.

CVE-2013-7252

2015-01-1818:59:00

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

74.1%

JSON

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.

Affected configurations

Nvd

Node

kdekde_applicationsRange≤14.11.3

VendorProductVersionCPE
kdekde_applications*cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kde	kde_applications	*	cpe:2.3:a:kde:kde_applications::::::::

References

gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/

www.openwall.com/lists/oss-security/2014/01/02/3

www.openwall.com/lists/oss-security/2015/01/09/7

www.securityfocus.com/bid/67716

bugzilla.redhat.com/show_bug.cgi?id=1048168

security.gentoo.org/glsa/201606-19

www.kde.org/info/security/advisory-20150109-1.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

74.1%

JSON

Related for NVD:CVE-2013-7252

cvelist1 prion1 nessus6 ubuntucve1 freebsd1 cve1 mageia1 openvas4 debiancve1 gentoo1 fedora2