4 matches found
CVE-2025-13353
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. An attacker can recover all...
CVE-2025-13353
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
gokey 安全漏洞
gokey is a Go language library open-sourced by Cloudflare. A security vulnerability exists in gokey versions prior to 0.2.0, which stems from a flaw in the seed decryption logic that could lead to password entropy reduction and password recovery attacks...