CVE-2013-7252

Name: CVE-2013-7252
Description: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| kde-runtime (PTS) | jessie | 4:4.14.2-2 | fixed |
| | stretch | 4:16.08.3-2 | fixed |
| | buster | 4:17.08.3-2.1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kde-runtime | source | (unstable) | 4:4.12.2-1 | | | |
| kdebase-runtime | source | (unstable) | (unfixed) | | | |

Notes

[wheezy] - kde-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
[squeeze] - kdebase-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
Upstream advisory: https://www.kde.org/info/security/advisory-20150109-1.txt
