Kwalletd password stores are vulnerable to codebook attacks.
Package | kde-apps/kwalletd on all architectures |
---|---|
Affected versions | < 4.14.3-r2 |
Unaffected versions | >= 4.14.3-r2 |
Kwalletd is a credentials management application for KDE.
Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store.
Local attackers, with access to the password store, could conduct a codebook attack in order to obtain confidential passwords.
There is no known workaround at this time.
All kwalletd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-apps/kwalletd-4.14.3-r1"
Release date
June 27, 2016
Latest revision
June 27, 2016: 1
Severity
normal
Exploitable
local
Bugzilla entries