CVE-2013-6394

2013-12-1318:07:00

CWE-310

[email protected]

web.nvd.nist.gov

percona xtrabackup

cve-2013-6394

cryptography

plaintext attacks

5.5 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

13.9%

JSON

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

CPENameOperatorVersion
percona:xtrabackuppercona xtrabackupeq2.1.0
percona:xtrabackuppercona xtrabackupeq2.1.2
percona:xtrabackuppercona xtrabackuple2.1.5
percona:xtrabackuppercona xtrabackupeq2.1.4
percona:xtrabackuppercona xtrabackupeq2.1.3
percona:xtrabackuppercona xtrabackupeq2.1.1
opensuse:opensuseopensuseeq13.1

CPE	Name	Operator	Version
percona:xtrabackup	percona xtrabackup	eq	2.1.0
percona:xtrabackup	percona xtrabackup	eq	2.1.2
percona:xtrabackup	percona xtrabackup	le	2.1.5
percona:xtrabackup	percona xtrabackup	eq	2.1.4
percona:xtrabackup	percona xtrabackup	eq	2.1.3
percona:xtrabackup	percona xtrabackup	eq	2.1.1
opensuse:opensuse	opensuse	eq	13.1