181 matches found
CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...
Code injection
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...
CVE-2013-7252
KWallet's kwalletd (KWallet before KDE Applications 14.12.0) uses Blowfish with ECB mode to encrypt the password store instead of CBC, enabling codebook-style attacks to guess passwords when the password store is accessible. This vulnerability is documented across multiple advisories (GLSA-201606...
CVE-2013-7252
Removed by vendor...
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure Exploit
This Metasploit module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the...
KDE Konversation / Quassel IRC memory corruption
Memory corruption on ECB decryption...
[USN-2401-1] Konversation vulnerability
========================================================================== Ubuntu Security Notice USN-2401-1 November 10, 2014 konversation vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
Fedora 20 : konversation-1.5.1-1.fc20 (2014-13791)
Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the precedi...
Fedora 19 : konversation-1.5.1-1.fc19 (2014-13702)
Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the precedi...
openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1)
konversation was updated to version 1.5.1, fixing bugs and one security issue. Changes : - Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE...
Fedora 21 : konversation-1.5.1-1.fc21 (2014-13837)
Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the precedi...
Ubuntu 12.04 LTS : konversation vulnerability (USN-2401-1)
Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubunt...
Ubuntu: Security Advisory (USN-2401-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2401-1: Konversation vulnerability
Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service...
konversation: denial of service
Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...
FreeBSD : Konversation -- out-of-bounds read on a heap-allocated array (0167f5ad-64ea-11e4-98c1-00269ee29e57)
Konversation developers report : Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user. %NASLMINLEVEL 70300 C Tenable Network...
Konversation -- out-of-bounds read on a heap-allocated array
Konversation developers report: Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...
Updated quassel packages fix security vulnerability
Due to and out-of-bounds read issue in Quassel core in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message CVE-2014-8483...
HP Intelligent Management Center < 7.0 E0102 DES / ECB Weak Decryption Key
The version of HP Intelligent Management Center on the remote host is affected by a vulnerability that could allow an attacker to gain access to administrative credentials. This is due to the fact that a static decryption key is used with DES in ECB mode to store the credentials. %NASLMINLEVEL...
Hewlett-Packard Intelligent Management Center CommonUtils Static DES/ECB Decryption Key Vulnerability
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommonUtil class. This application uses a stat...