11 matches found
SUSE CVE-2025-13353
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
RUSTSEC-2026-0026 Unnecessary clamping of seed reduces seed entropy to 251 bits
The latest releases of the libcrux-ed25519 crate contains the following bug-fix: 1320: Remove duplicated clamping step during key generation The issue fixed in 1320 was first reported by Nadim Kobeissi...
CVE-2025-13353
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
GHSA-69JW-4JJ8-FCXM gokey allows secret recovery from a seed file without the master password
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
CVE-2025-13353
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
EUVD-2025-200219
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
CVE-2025-13353
The CVE-2025-13353 issue affects gokey versions prior to 0.2.0, where a flaw in the seed decryption logic caused passwords/secrets derived from a seed file to be generated from only 28 bytes of entropy (instead of using the full seed, 240 bytes). This allowed a malicious actor with just the seed ...
PT-2025-48664
In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
Recommended update of flake-pilot (moderate)
openSUSE security update: recommended update of flake-pilot ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20000-1 Rating: moderate References: bsc1248004 Cross-References: CVE-2025-55159 CVSS scores: CVE-2025-55159 SUSE : 5.8...
Inadequate Encryption Strength
Overview trustwallet/wallet-core is a mobile-focused library implementing low-level cryptographic wallet functionality for a high number of blockchains Affected versions of this package are vulnerable to Inadequate Encryption Strength in its mt19937 seed generation, which has only 32 bits of...
Humhub Insecure Password Validation / Reset
Humhub insecure password validation and reset design + Discovered by: Jos Wetzels + Affects: Humhub password == $this-hashPassword$password Here a hash of the user-supplied password gets compared to the stored hash in an insecure manner, since PHP's loose type comparison operators compare only...