Posted: Tue Jun 28, 2016 12:26 am Post subject: [ GLSA 201606-19 ] kwalletd
Gentoo Linux Security Advisory
Title: kwalletd: Information disclosure (GLSA 201606-19)
Date: June 27, 2016
Kwalletd password stores are vulnerable to codebook attacks.
Kwalletd is a credentials management application for KDE.
Vulnerable: < 4.14.3-r2
Unaffected: >= 4.14.3-r2
Architectures: All supported architectures
Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when
encrypting the password store.
Local attackers, with access to the password store, could conduct a
codebook attack in order to obtain confidential passwords.
There is no known workaround at this time.
All kwalletd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-apps/kwalletd-4.14.3-r1"
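
The ECB weakness described in the advisory, shown as an added example that is not part of the original advisory or of the kwalletd code. It uses a stand-in Feistel cipher with Blowfish's 64-bit block size (not Blowfish itself) and a constructed store layout to show that ECB ciphertext repeats wherever plaintext blocks repeat, while CBC ciphertext does not. The function names, key and sample entries are all assumptions made for the illustration.

```python
import hashlib, hmac, os
from collections import defaultdict

BLOCK = 8  # Blowfish block size: 64 bits

def encrypt_block(key, block):
    # Stand-in 8-round Feistel permutation, NOT Blowfish; it only supplies a
    # keyed 64-bit block cipher so that the example runs without dependencies.
    left, right = block[:4], block[4:]
    for i in range(8):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def blocks_of(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def ecb_encrypt(key, data):
    # ECB: every block is encrypted independently, so equal plaintext blocks
    # always give equal ciphertext blocks under the same key.
    return b"".join(encrypt_block(key, b) for b in blocks_of(pad(data)))

def cbc_encrypt(key, data, iv):
    # CBC: each plaintext block is XORed with the previous ciphertext block
    # (the IV for the first), which hides repeated plaintext blocks.
    out = [iv]
    for b in blocks_of(pad(data)):
        out.append(encrypt_block(key, bytes(x ^ y for x, y in zip(b, out[-1]))))
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Return groups of block indices that hold identical ciphertext blocks.
    seen = defaultdict(list)
    for i, b in enumerate(blocks_of(ciphertext)):
        seen[b].append(i)
    return [tuple(ix) for ix in seen.values() if len(ix) > 1]

# Constructed sample store: 8-byte name field followed by 8-byte password field.
KEY = bytes(range(16))
STORE = b"".join(n.ljust(8, b"\0") + p for n, p in
                 [(b"mail", b"hunter22"), (b"bank", b"hunter22"), (b"wiki", b"S3cr3t!!")])

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, STORE)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, STORE, os.urandom(BLOCK))))
```

Under ECB, the two entries that share a password produce identical ciphertext blocks, so anyone who can read the file learns which secrets are equal without knowing the key. Under CBC with a fresh random IV, no blocks repeat.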