GLSA Advocate
Posted: Tue Jun 28, 2016 12:26 am Post subject: [ GLSA 201606-19 ] kwalletd
Gentoo Linux Security Advisory
Title: kwalletd: Information disclosure (GLSA 201606-19)
Severity: normal
Exploitable: local
Date: June 27, 2016
Bug(s): #496768
ID: 201606-19
Synopsis
Kwalletd password stores are vulnerable to codebook attacks.
Background
Kwalletd is a credentials management application for KDE.
Affected Packages
Package: kde-apps/kwalletd
Vulnerable: < 4.14.3-r2
Unaffected: >= 4.14.3-r2
Architectures: All supported architectures
Description
Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when
encrypting the password store.
Impact
Local attackers, with access to the password store, could conduct a
codebook attack in order to obtain confidential passwords.
Workaround
There is no known workaround at this time.
Resolution
All kwalletd users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-apps/kwalletd-4.14.3-r1"
References
CVE-2013-7252
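Added example (not part of the advisory and not kwalletd code): why ECB over 8-byte blocks enables the codebook attack named in the Description, and how CBC removes the pattern. The cipher is a hash-based Feistel stand-in with Blowfish's block size, not Blowfish itself; the store contents, key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 8  # Blowfish block size in bytes

def _round(key, i, half):
    # Round function of the stand-in cipher: 4 bytes of HMAC-SHA256.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def encrypt_block(key, block):
    # 4-round Feistel network over one 8-byte block (stand-in, NOT Blowfish).
    left, right = block[:4], block[4:]
    for i in range(4):
        mask = _round(key, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return left + right

def ecb_encrypt(key, data):
    # ECB: every block is encrypted independently under the same key.
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def cbc_encrypt(key, iv, data):
    # CBC: each plaintext block is XORed with the previous ciphertext block.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = encrypt_block(key, mixed)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Count ciphertext blocks that duplicate an earlier block.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return sum(n - 1 for n in Counter(blocks).values() if n > 1)

# Constructed sample store: three 16-byte records, two sharing one password.
STORE = b"mail    hunter2!" b"irc     hunter2!" b"bank    Xk9#pQ2z"
KEY = b"constructed demo key"

def demo():
    ecb = ecb_encrypt(KEY, STORE)
    cbc = cbc_encrypt(KEY, os.urandom(BLOCK), STORE)
    return repeated_blocks(ecb), repeated_blocks(cbc)

if __name__ == "__main__":
    print("repeated blocks (ECB, CBC):", demo())
```

Under ECB the two identical password blocks encrypt to identical ciphertext blocks, so anyone who can read the store learns which entries share a value without knowing the key; the same repeated-block count is a quick check for ECB use when auditing an encrypted file.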