Lucene search

442 matches found

Vulnrichment
added 2023/01/10 8:56 p.m. · 12 views

CVE-2021-26407

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key, potentially resulting in information disclosure...

AI score 6.8 · EPSS 0.00064
Exploits 0 · References 1

Cvelist
added 2023/01/10 8:56 p.m. · 19 views

CVE-2021-26407

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key, potentially resulting in information disclosure...

AI score 5.6 · EPSS 0.00064
Exploits 0 · References 1

CVE
added 2023/01/10 8:56 p.m. · 38 views

CVE-2021-26407

CVE-2021-26407 describes an information-disclosure risk from a collision of randomly generated IVs with the same key. Public references in AMD security bulletins enumerate affected AMD EPYC platforms and related components (ASP, SMU, SEV) and document mitigation steps via firmware/AGESA updates. ...

CVSS 5.5 · AI score 6 · EPSS 0.00064
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/01/10 12:0 a.m. · 3 views

PT-2023-1488 · Amd · Amd System Management Unit +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor (ASP), affected versions not specified; AMD System Management Unit (SMU), affected versions not specified; AMD Secure Encrypted Virtualization (SEV), affected versions not specified. Description: The issue is related to errors in...

CVSS 5.5 · AI score 6.1 · EPSS 0.00064
Exploits 0 · References 6

Amd
added 2023/01/10 12:0 a.m. · 141 views

AMD Server Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1032. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Un...

CVSS 8.8 · AI score 8.1 · EPSS 0.00389
Exploits 0

Positive Technologies
added 2022/12/13 12:0 a.m. · 4 views

PT-2022-6664 · Tp Link · Tp-Link Tapo C200

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C200 camera version 1.1.22 Build 220725 Description: The issue is related to the implementation of the AES encryption algorithm in the TP-Link Tapo C200 camera, which involves the reuse of the AES Key-IV pair across all cameras...

CVSS 4.6 · AI score 6.7 · EPSS 0.002
Exploits 1 · References 7

RedhatCVE
added 2022/08/16 9:38 a.m. · 30 views

CVE-2022-26306

A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...

CVSS 7.5 · AI score 3.1 · EPSS 0.0045
Exploits 0 · References 3

ATTACKERKB
added 2022/08/15 11:21 a.m. · 2 views

CVE-2022-37400

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

CVSS 8.8 · AI score 7.4 · EPSS 0.0045
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/08/13 6:40 a.m. · 14 views

CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

AI score 8.1 · EPSS 0.00135
Exploits 0 · References 2

Positive Technologies
added 2022/08/13 12:0 a.m. · 2 views

PT-2022-23973 · Apache · Apache Openoffice +1

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to 4.1.13 Description: A flaw in Apache OpenOffice exists where the required initialization vector for encryption is always the same, weakening the security of the encryption. This makes stored passwords...

CVSS 8.8 · AI score 8.5 · EPSS 0.00135
Exploits 0 · References 5

Intel
added 2022/08/09 12:0 a.m. · 20 views

Intel® IPP Cryptography Advisory

Summary: A potential security vulnerability in an Intel® Integrated Performance Primitives (IPP) Cryptography software library may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26083 Description:...

CVSS 7.5 · AI score 7.1 · EPSS 0.00126
Exploits 0

OSV
added 2022/07/25 3:15 p.m. · 1 view

DEBIAN-CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 7.8 · EPSS 0.0045
Exploits 0 · References 1

Prion
added 2022/07/25 3:15 p.m. · 21 views

Design/Logic Flaw

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 5 · AI score 7.8 · EPSS 0.0045
Exploits 0 · References 3 · Affected Software 2

Debian CVE
added 2022/07/25 12:0 a.m. · 41 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 7.6 · EPSS 0.0045
Exploits 0

AlpineLinux
added 2022/07/25 12:0 a.m. · 50 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 · AI score 8.1 · EPSS 0.0045
Exploits 0

Positive Technologies
added 2022/05/27 12:0 a.m. · 2 views

PT-2022-3953 · Document Foundation +8 · Libreoffice +8

Name of the Vulnerable Software and Affected Versions: LibreOffice versions prior to 7.2.7; LibreOffice versions prior to 7.3.1. Description: The issue is related to insufficiently strong encryption of data in the user configuration database of LibreOffice. This weakness can be exploited by a remot...

CVSS 8.8 · AI score 6.6 · EPSS 0.01322
Exploits 0 · References 77

Github Security Blog
added 2022/05/24 4:52 p.m. · 15 views

Magento 2 Community Edition Cryptographic Flaw

A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security relevant contexts...

CVSS 7.5 · AI score 6.8 · EPSS 0.00101
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/17 5:25 a.m. · 19 views

Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

CVSS 4.3 · AI score 6.1 · EPSS 0.00464
Exploits 0 · References 9 · Affected Software 1

OSV
added 2022/05/17 5:25 a.m. · 3 views

GHSA-VFCG-5GGC-3RXX Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

CVSS 8.7 · AI score 5.7 · EPSS 0.00464
Exploits 0 · References 8

GitLab Advisory Database
added 2022/05/17 12:0 a.m. · 11 views

Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

CVSS 4.3 · AI score 6 · EPSS 0.00464
Exploits 0 · References 4 · Affected Software 1