Moderate severity vulnerability that affects aescrypt

2017-10-24T18:33:36
ID GHSA-4C4W-3Q45-HP9J
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:00

Description

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.