CVE-2013-7463

The CVE refers to the aescrypt gem (Ruby) version 1.0.0, where CBC IVs are not randomized for AESCrypt.encrypt and AESCrypt.decrypt. This omission enables a chosen-plaintext attack that defeats cryptographic protection. The NVD entry lists CVSS v3.0 base score 7.5 (HIGH) with network attack, no p...