Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
www.debian.org/security/2012/dsa-2541
www.openwall.com/lists/oss-security/2012/08/13/10
bugzilla.redhat.com/show_bug.cgi?id=809267
github.com/advisories/GHSA-39vm-p9mr-4r27
github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
nvd.nist.gov/vuln/detail/CVE-2012-3458
web.archive.org/web/20140724164516/secunia.com/advisories/50226
web.archive.org/web/20140725025612/secunia.com/advisories/50520