12 matches found
EUVD-2017-0161
Malware in sbrugna...
Packetizer AES Crypt Authorization Issue Vulnerability
Packetizer AES Crypt is an advanced file encryption utility from Packetizer. Easily and securely encrypt files using the industry-standard Advanced Encryption Standard (AES). A security vulnerability exists in Packetizer AES Crypt version 3.11, which stems from a failure to check the length of the...
Aescrypt does not sufficiently use random values
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...
GHSA-4C4W-3Q45-HP9J Aescrypt does not sufficiently use random values
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...
Insecure Encryption
aescrypt uses a vulnerable encryption method. The method is vulnerable because it does not randomize the CBC IV when encrypting and decrypting data. This allows attackers to easily defeat the cryptographic mechanism by guessing the CBC IV...
Plaintext Message Recovery
aescrypt uses an insecure cipher. The library uses unauthenticated CBC-mode encryption, which is vulnerable to ciphertext attacks that allow attackers to make undetectable changes to the plaintext...
Ruby aescrypt gem has multiple security bypass vulnerabilities
Ruby is a cross-platform, object-oriented, dynamically-typed programming language developed by Japanese software developer Yukihiro Matsumoto. The aescrypt gem is used as a file encryption and decryption tool. A security bypass vulnerability exists in the Ruby aescrypt gem version 1.0.0. An...
Design/Logic Flaw
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...
CVE-2013-7463
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...
CVE-2013-7463
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...
CVE-2013-7463
The CVE refers to the aescrypt gem (Ruby) version 1.0.0, where CBC IVs are not randomized for AESCrypt.encrypt and AESCrypt.decrypt. This omission enables a chosen-plaintext attack that defeats cryptographic protection. The NVD entry lists CVSS v3.0 base score 7.5 (HIGH) with network attack, no p...
Vulnerability in aescrypt because IV is not randomized
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...