FreeBSD : kde-runtime -- incorrect CBC encryption handling (7a8a74d1-9c34-11e4-a40b-5453ed2e2b49)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Valentin Rusu reports :

Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC
encryption blocks when encrypting secrets in kwl files. The secrets
were still encrypted, but the resulting binary data corresponded to an
ECB encrypted block instead of CBC.

The ECB encryption algorithm, even if it'll scramble user data, will
produce the same encrypted byte sequence for the same input text. As a
result, attackers may eventually find out the encrypted text.

See also :

https://www.kde.org/info/security/advisory-20150109-1.txt
http://www.nessus.org/u?64ae7969

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 80537

Bugtraq ID:

CVE ID: CVE-2013-7252
