7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.1%
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
www.securityfocus.com/bid/98035
github.com/Gurpartap/aescrypt/issues/4