Lucene search
PRIOn knowledge basePRION:CVE-2020-8929HistoryOct 19, 2020 - 1:15 p.m.
Design/Logic Flaw
2020-10-1913:15:00
PRIOn knowledge base
www.prio-n.com
6
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.
Related
osv
osv
PYSEC-2020-142
2020-10-19 13:15:00
Ciphertext Malleability Issue in Tink Java
2020-10-16 00:51:24
CVE-2020-8929
2020-10-19 13:15:13
nvd
nvd
CVE-2020-8929
2020-10-19 13:15:13
github
github
Ciphertext Malleability Issue in Tink Java
2020-10-16 00:51:24
cvelist
cvelist
CVE-2020-8929 Ciphertext integrity weakness in Tink
2020-10-19 12:15:16
cve
cve
CVE-2020-8929
2020-10-19 13:15:13
veracode
veracode
Malleable Ciphertext
2020-10-19 02:00:46