Description
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
References (7)
Exploit (x_refsource_misc)
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
Third Party Advisory (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/67716
Patch, Vendor Advisory (x_refsource_confirm)
https://www.kde.org/info/security/advisory-20150109-1.txt
Issue Tracking (x_refsource_confirm)
https://bugzilla.redhat.com/show_bug.cgi?id=1048168
Mailing List (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2014/01/02/3
Third Party Advisory (vendor-advisory, x_refsource_gentoo)
https://security.gentoo.org/glsa/201606-19
Mailing List (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2015/01/09/7
Scores
EPSS: 0.0043
EPSS Percentile: 62.8%
Details
CWE: CWE-310
Status: published
Products (1): kde/kde_applications < 14.11.3
Published: Jan 18, 2015
Tracked Since: Feb 18, 2026