CVE-2013-7252
Published: 18 January 2015
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | fixing this would require migrating existing wallets. 4.12 is switching to a gnupg backend. Marking as ignored, since changes are too intrusive to backport. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
kde-runtime Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Ignored
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [4:4.13.3-0ubuntu0.1])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
|
|
|
kdebase-runtime Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|