5

CVE-2013-7252

Exploit
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Applications Version <= 14.11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.797
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
Exploit
http://www.openwall.com/lists/oss-security/2014/01/02/3
http://www.openwall.com/lists/oss-security/2015/01/09/7
http://www.securityfocus.com/bid/67716
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1048168
Issue Tracking
https://security.gentoo.org/glsa/201606-19
Third Party Advisory
https://www.kde.org/info/security/advisory-20150109-1.txt
Patch
Vendor Advisory