{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-07-25T16:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/"}, {"name": "67716", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67716"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.kde.org/info/security/advisory-20150109-1.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168"}, {"name": "[oss-security] 20140102 kwallet crypto misuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/01/02/3"}, {"name": "GLSA-201606-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201606-19"}, {"name": "[oss-security] 20150109 Re: CVE Request: kwallet: incorrect CBC encryption  handling", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/09/7"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.414Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/"}, {"name": "67716", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67716"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.kde.org/info/security/advisory-20150109-1.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168"}, {"name": "[oss-security] 20140102 kwallet crypto misuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/01/02/3"}, {"name": "GLSA-201606-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201606-19"}, {"name": "[oss-security] 20150109 Re: CVE Request: kwallet: incorrect CBC encryption  handling", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/09/7"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-7252", "datePublished": "2015-01-18T18:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T18:01:20.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*", "matchCriteriaId": "57F80208-1520-4A01-B357-0E85CC029F4A", "versionEndIncluding": "14.11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack."}, {"lang": "es", "value": "kwalletd en KWallet anterior a las aplicaciones KDE 14.12.0 utiliza Blowfish con el modo ECB en lugar del modo CBC cuando codifica el almac\u00e9n de contrase\u00f1as, lo que facilita a atacantes adivinar las contrase\u00f1as a trav\u00e9s de un ataque de libro de c\u00f3digos (codebook)."}], "id": "CVE-2013-7252", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-18T18:59:00.050", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/01/02/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/01/09/7"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/67716"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-19"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.kde.org/info/security/advisory-20150109-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/01/02/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/09/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/67716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.kde.org/info/security/advisory-20150109-1.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kwallet: crypto misuse", "id": "1048168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048168"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-327", "details": ["kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack."], "name": "CVE-2013-7252", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kdebase-runtime", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kwallet", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-07-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7252\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7252"], "threat_severity": "Low"}