3 matches found
CVE-2017-5999
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPTRIJNDAEL256 function the 256-bit block version of Rijndael, not AES instead of MCRYPTRIJNDAEL128 real AES could help...
CVE-2017-5999
The vulnerability CVE-2017-5999 affects sysPass 2.x before 2.1. The root cause is a cryptographic implementation using MCRYPT_RIJNDAEL_256() (256-bit block version) instead of MCRYPT_RIJNDAEL_128 (AES). This could allow an attacker to cause unknown havoc on the remote system. The connected source...
sysPass >= 2.0 risky cryptographic algorithm usage Vulnerability
Exploit for php platform in category web applications CVE-2017-5999 - sysPass risky cryptographic algorithm usage Credit: Guenaelle De Julis & Quentin Olagne CVE: CVE-2017-5999 Dates: 14/02/2017 Vendor: sysPass Product: sysPass Versions Affected: = 2.0 Risk / Severity Rating: 4.4 CVSSv2 SysPass...