Vulnerability Name: CVE-2013-7252 (CCN-90025)

Assigned: 2013-07-24
Published: 2013-07-24
Updated: 2016-08-02
Summary: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-310
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2013-7252

Source: CCN
Type: Gaganpreet's blog
KWallet Security Analysis

Source: MISC
Type: Exploit
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/

Source: CCN
Type: Kwallet Web site
KDE - Experience Freedom!

Source: CCN
Type: oss-sec Mailing List: Thu, 2 Jan 2014
kwallet crypto misuse

Source: MLIST
Type: UNKNOWN
[oss-security] 20140102 kwallet crypto misuse

Source: MLIST
Type: UNKNOWN
[oss-security] 20150109 Re: CVE Request: kwallet: incorrect CBC encryption handling

Source: BID
Type: Third Party Advisory
67716

Source: CCN
Type: BID-67716
kwallet Weak Stored Password Encryption Local Security Weakness

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1048168

Source: XF
Type: UNKNOWN
kwallet-cve20137252-sec-bypass(90025)

Source: GENTOO
Type: Third Party Advisory
GLSA-201606-19

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.kde.org/info/security/advisory-20150109-1.txt

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-7252

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:kde:kde_applications:*:*:*:*:*:*:*:* (Version <= 14.11.3)

  • * Denotes that component is vulnerable
Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20137252 | V | CVE-2013-7252 | 2022-05-20
oval:org.opensuse.security:def:32235 | P | Security update for openssh (Important) | 2021-12-06
oval:org.opensuse.security:def:31711 | P | Security update for ruby2.1 (Important) | 2021-12-01
oval:org.opensuse.security:def:30156 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:33055 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:30260 | P | Security update for qemu (Important) | 2021-10-28
oval:org.opensuse.security:def:26134 | P | Security update for the Linux Kernel (Important) | 2021-09-23
oval:org.opensuse.security:def:55950 | P | Security update for openssl (Low) | 2021-09-20
oval:org.opensuse.security:def:33950 | P | Security update for dbus-1 (Important) | 2021-08-02
oval:org.opensuse.security:def:31637 | P | Security update for ucode-intel (Important) | 2021-06-10
oval:org.opensuse.security:def:30211 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:36159 | P | kdebase4-runtime-4.3.5-0.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:55912 | P | Security update for spice-gtk (Important) | 2021-06-08
oval:org.opensuse.security:def:42566 | P | kdebase4-runtime-4.3.5-0.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:56031 | P | Security update for spice (Important) | 2021-06-08
oval:org.opensuse.security:def:33661 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07
oval:org.opensuse.security:def:55187 | P | Security update for graphviz (Critical) | 2021-05-19
oval:org.opensuse.security:def:26050 | P | Security update for python3 (Important) | 2021-05-17
oval:org.opensuse.security:def:32079 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:34411 | P | Security update for sudo (Important) | 2021-04-20
oval:org.opensuse.security:def:33893 | P | Security update for qemu (Important) | 2021-04-16
oval:org.opensuse.security:def:33104 | P | Security update for tar (Low) | 2021-03-29
oval:org.opensuse.security:def:28958 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) | 2021-03-17
oval:org.opensuse.security:def:34039 | P | Security update for openssl-1_1 (Moderate) | 2021-03-09
oval:org.opensuse.security:def:33083 | P | Security update for avahi (Moderate) | 2021-02-23
oval:org.opensuse.security:def:55838 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) | 2021-02-10
oval:org.opensuse.security:def:32998 | P | Security update for python-urllib3 (Moderate) | 2021-02-03
oval:org.opensuse.security:def:30003 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:31626 | P | Security update for dovecot22 (Important) | 2021-01-04
oval:org.opensuse.security:def:31625 | P | Security update for flac (Moderate) | 2021-01-04
oval:org.opensuse.security:def:34342 | P | Security update for openexr (Moderate) | 2020-12-23
oval:org.opensuse.security:def:57381 | P | Security update for python3 (Important) | 2020-12-02
oval:org.opensuse.security:def:25720 | P | Security update for tomcat (Important) | 2020-12-01
oval:org.opensuse.security:def:55081 | P | cron on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26955 | P | libmusicbrainz4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33166 | P | libnetpbm10 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27269 | P | postgresql on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32604 | P | star on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26440 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:29556 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:25912 | P | Security update for zziplib (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55353 | P | perl-XML-LibXML on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27043 | P | tar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33848 | P | Security update for hplip | 2020-12-01
oval:org.opensuse.security:def:27344 | P | libcurl4-openssl1-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32755 | P | ofed on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29061 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:27122 | P | fetchmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29568 | P | Security update for SDL (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55746 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:28045 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27554 | P | rubygem-actionpack-3_2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30318 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33566 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29773 | P | Security update for glibc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26285 | P | Security update for the Linux Kernel (Critical) | 2020-12-01
oval:org.opensuse.security:def:28718 | P | Security update for kdebase4-runtime | 2020-12-01
oval:org.opensuse.security:def:26325 | P | Security update for Chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:27695 | P | Security update for Image Magick | 2020-12-01
oval:org.opensuse.security:def:31000 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:33578 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:29917 | P | Security update for libdb-4_5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26387 | P | Security update for ffmpeg (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32445 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:26337 | P | Security update for freexl (Low) | 2020-12-01
oval:org.opensuse.security:def:31935 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:27899 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34367 | P | Security update for tftp | 2020-12-01
oval:org.opensuse.security:def:28370 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:33797 | P | Security update for gcc48 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27057 | P | xen on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33122 | P | kdebase4-runtime on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54507 | P | krb5-appl-clients on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26529 | P | cifs-mount on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27987 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:35049 | P | Security update for jasper (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28449 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:27739 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:54530 | P | libXvnc1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26667 | P | apache2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32291 | P | Security update for postgresql94 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29161 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32380 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28665 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:34196 | P | Security update for patch (Important) | 2020-12-01
oval:org.opensuse.security:def:25709 | P | Security update for java-1_8_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:54908 | P | libplist++3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26902 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33143 | P | libcgroup1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29835 | P | Security update for kdebase4-runtime | 2020-12-01
oval:org.opensuse.security:def:27268 | P | popt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32469 | P | Security update for xorg-x11-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28806 | P | Security update for pam | 2020-12-01
oval:org.opensuse.security:def:34303 | P | Security update for quagga (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57307 | P | Security update for cabextract (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25784 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:27004 | P | pam on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33210 | P | nagios on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27280 | P | python-pywbem on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32698 | P | lcms on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29012 | P | Security update for hawk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26484 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:29557 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:25993 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55638 | P | Security update for gpg2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28001 | P | Security update for SDL_image (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33887 | P | Security update for kdebase4-runtime | 2020-12-01
oval:org.opensuse.security:def:27472 | P | libpng-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32842 | P | cups on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29100 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:27157 | P | kdebase4-runtime on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29641 | P | Security update for ctags (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28683 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:27611 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:30362 | P | Security update for wireshark | 2020-12-01
oval:org.opensuse.security:def:33567 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29860 | P | Security update for the Linux Kernel | 2020-12-01
oval:org.opensuse.security:def:26338 | P | Security update for Chromium (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32401 | P | Security update for vim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26326 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31843 | P | Security update for cairo (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27846 | P | Security update for openldap2 | 2020-12-01
oval:org.opensuse.security:def:31037 | P | Security update for kdebase4-runtime | 2020-12-01
oval:org.opensuse.security:def:28369 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26426 | P | Security update for singularity (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26401 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:31992 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:27948 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28381 | P | Security update for rubygem-actionpack-3_2 (Important) | 2020-12-01
oval:org.opensuse.security:def:27101 | P | cron on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54508 | P | lcms on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26610 | P | log4net on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29117 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:35089 | P | Security update for kdebase4-runtime | 2020-12-01
oval:org.opensuse.security:def:32379 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28580 | P | Security update for libproxy | 2020-12-01
oval:org.opensuse.security:def:30299 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27774 | P | Security update for kdebase4-runtime | 2020-12-01
oval:org.opensuse.security:def:25708 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54670 | P | rpcbind on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26751 | P | libltdl7 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32340 | P | Security update for socat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29799 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32391 | P | Security update for tomcat6 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28722 | P | Security update for Linux kernel | 2020-12-01
oval:org.opensuse.security:def:34254 | P | Security update for postgresql91 | 2020-12-01
oval:org.opensuse.security:def:80015 | P | Security update for kdebase4-runtime | 2015-03-05
oval:com.ubuntu.precise:def:20137252000 | V | CVE-2013-7252 on Ubuntu 12.04 LTS (precise) - low. | 2015-01-18
oval:com.ubuntu.trusty:def:20137252000 | V | CVE-2013-7252 on Ubuntu 14.04 LTS (trusty) - low. | 2015-01-18