
45 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-0161

Malware in sbrugna...

CVSS: 7.5, AI score: 7.6, EPSS: 0.003
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2003-0134

Malware in sbrugna...

CVSS: 7.5, AI score: 8.7, EPSS: 0.05644
Exploits: 0, References: 20

Snyk
added 2020/01/22 8:37 a.m., 1 view

Insecure Encryption

Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set...

CVSS: 7, AI score: 6.7
Exploits: 0, References: 3

Github Security Blog
added 2017/10/24 6:33 p.m., 71 views

Aescrypt does not sufficiently use random values

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVSS: 7.5, AI score: 4.8, EPSS: 0.003
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2017/10/24 6:33 p.m., 21 views

GHSA-4C4W-3Q45-HP9J Aescrypt does not sufficiently use random values

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVSS: 7.5, AI score: 7.4, EPSS: 0.003
Exploits: 0, References: 5

Prion
added 2017/04/19 5:59 p.m., 10 views

Design/Logic Flaw

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVSS: 5, AI score: 7, EPSS: 0.003
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/04/19 5:59 p.m., 11 views

CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVSS: 7.5, AI score: 7.5, EPSS: 0.003
Exploits: 0, References: 2

Cvelist
added 2017/04/19 5:00 p.m., 15 views

CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

AI score: 7.5, EPSS: 0.003
Exploits: 0, References: 2

CVE
added 2017/04/19 5:00 p.m., 69 views

CVE-2013-7463

The CVE refers to the aescrypt gem (Ruby) version 1.0.0, where CBC IVs are not randomized for AESCrypt.encrypt and AESCrypt.decrypt. This omission enables a chosen-plaintext attack that defeats cryptographic protection. The NVD entry lists CVSS v3.0 base score 7.5 (HIGH) with network attack, no p...

CVSS: 7.5, AI score: 7.4, EPSS: 0.003
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2017/03/23 4:59 p.m., 17 views

Design/Logic Flaw

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

CVSS: 4.3, AI score: 6, EPSS: 0.00373
Exploits: 0, References: 8, Affected Software: 3

OSV
added 2017/03/23 4:59 p.m., 0 views

UBUNTU-CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

CVSS: 5.9, AI score: 6.2, EPSS: 0.00373
Exploits: 0, References: 5

OSV
added 2017/03/23 4:59 p.m., 25 views

CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

CVSS: 5.9, AI score: 6, EPSS: 0.00373
Exploits: 0, References: 8

NVD
added 2017/03/23 4:59 p.m., 17 views

CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

CVSS: 5.9, AI score: 5.3, EPSS: 0.00373
Exploits: 0, References: 8

CVE
added 2017/03/23 4:00 p.m., 64 views

CVE-2016-6225

CVE-2016-6225 affects Percona XtraBackup’s xbcrypt: versions prior to 2.3.6 (and 2.4.x prior to 2.4.5) fail to properly set the initialization vector (IV) for encryption, enabling context-dependent attackers to potentially obtain sensitive data from encrypted backups via a Chosen-Plaintext attack...

CVSS: 5.9, AI score: 5.2, EPSS: 0.00373
Exploits: 0, References: 8, Affected Software: 1

Cvelist
added 2017/03/23 4:00 p.m., 22 views

CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

AI score: 5.3, EPSS: 0.00373
Exploits: 0, References: 8

Tenable Nessus
added 2014/06/13 12:00 a.m., 33 views

openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)

Added a patch to fix errors in the pkcs11n.h header file. bmo702090 - update to 3.13.1 RTM - better SHA-224 support bmo647706 - fixed a regression causing hangs in some situations introduced in 3.13 bmo693228 - update to 3.13.0 RTM - SSL 2.0 is disabled by default - A defense against the SSL 3.0...

CVSS: 4.3, AI score: 6.9, EPSS: 0.03832
Exploits: 4, References: 2

Tenable Nessus
added 2014/06/13 12:00 a.m., 26 views

openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)

The Mozilla NSS libraries were updated to version 3.13.1 to fix various bugs and security problems. Following security issues were fixed: SSL 2.0 is disabled by default. A defense against the...

CVSS: 7.1, AI score: 7, EPSS: 0.03832
Exploits: 5, References: 5

RubySec
added 2013/10/01 12:00 a.m., 18 views

Vulnerability in aescrypt because IV is not randomized

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVSS: 7.5, AI score: 4.8, EPSS: 0.003
Exploits: 0, References: 1

Tenable Nessus
added 2012/08/30 12:00 a.m., 53 views

FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)

Matthias Andree reports: Fetchmail version 6.3.9 enabled 'all SSL workarounds' (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...

CVSS: 4.3, AI score: 7, EPSS: 0.03832
Exploits: 4, References: 2

ThreatPost
added 2012/04/27 2:48 p.m., 7 views

Survey Finds Secure Sites Not So Secure

A new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure. The SSL Pulse project, set ...

AI score: 6.6
Exploits: 0, References: 3