CVE-2023-43637
The CVE describes a cryptographic weakness in EVE’s deriveVaultKey used by the vault key derivation flow. Before version 7.10, the generated 32-byte vault key was weakened because deriveVaultKey calls retrieveCloudKey (which returns a fixed 32-byte key) and then merges it with the random 32-byte ...