kwallet crypto misuse

2014.01.02
Credit: Florian Weimer
Risk: Low
Local: Yes
Remote: No
CVE: CVE-2013-7252
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

I just noticed this is now public: <http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/> Short summary: kwallet uses Blowfish to encrypt its password store, and despite an attempt at implementing CBC mode (in a file called cbc.cc no less), it's actually ECB mode. UTF-16 encoding combined with Blowfish's 64 bit block size means there are just four password characters per block. Encryption is convergent as well. This may enable recovery of passwords through codebook attacks. Should we treat this as a minor vulnerability? http://security.stackexchange.com/a/44010/32167 then fill it with zeros; then XOR all these zeros with the data to encrypt (which won't change the data...); then proceed to encrypt each block independently of each other. This is, indeed, ECB mode, not CBC. It is quite obvious that this is a programming error ... This implies that the random IV which was computed does nothing here; it is encrypted by itself but does not impact any other byte in the whole file.

References:

http://seclists.org/oss-sec/2014/q1/3
http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
http://security.stackexchange.com/a/44010/32167


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top