Lucene search

K
osvGoogleOSV:GHSA-4C4W-3Q45-HP9J
HistoryOct 24, 2017 - 6:33 p.m.

Aescrypt does not sufficiently use random values

2017-10-2418:33:36
Google
osv.dev
7

0.002 Low

EPSS

Percentile

55.1%

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.

CPENameOperatorVersion
aescrypteq1.0.0

0.002 Low

EPSS

Percentile

55.1%

Related for OSV:GHSA-4C4W-3Q45-HP9J