KWallet Encryption Flaw in KDE Applications by KDE
CVE-2013-7252

Currently unrated

Key Information:

Vendor: Kde
Status: Kde Applications
Vendor: CVE Published:; 18 January 2015

What is CVE-2013-7252?

KWallet prior to version 14.12.0 has a security flaw in its password encryption methodology. The use of Blowfish in ECB mode instead of the more secure CBC mode leaves the encrypted data vulnerable to codebook attacks, making it significantly easier for attackers to guess passwords. This misconfiguration compromises the integrity of user credentials, highlighting the importance of employing robust encryption standards to protect sensitive information.

References

http://gaganpreet.in/blog/2013/07/24/kwallet-security-ana...

x_refsource_MISC

http://www.securityfocus.com/bid/67716

vdb-entryx_refsource_BID

https://www.kde.org/info/security/advisory-20150109-1.txt

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2015
Vulnerability Reserved
Jan 2, 2014

CVE-2013-7252 Data

JSON

Kde

What is CVE-2013-7252?

References

Timeline