GLSA-201606-19 : kwalletd: Information disclosure
Medium Nessus Plugin ID 91864
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201606-19 (kwalletd: Information disclosure)
Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store.
Local attackers, with access to the password store, could conduct a codebook attack in order to obtain confidential passwords.
There is no known workaround at this time.
SolutionAll kwalletd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=kde-apps/kwalletd-4.14.3-r1'