CVE-2013-7252

{"id": "CVE-2013-7252", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-18T18:59:00.050", "references": [{"url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/02/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/09/7", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/67716", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201606-19", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.kde.org/info/security/advisory-20150109-1.txt", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/02/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/09/7", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/67716", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201606-19", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kde.org/info/security/advisory-20150109-1.txt", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack."}, {"lang": "es", "value": "kwalletd en KWallet anterior a las aplicaciones KDE 14.12.0 utiliza Blowfish con el modo ECB en lugar del modo CBC cuando codifica el almac\u00e9n de contrase\u00f1as, lo que facilita a atacantes adivinar las contrase\u00f1as a trav\u00e9s de un ataque de libro de c\u00f3digos (codebook)."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F80208-1520-4A01-B357-0E85CC029F4A", "versionEndIncluding": "14.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}