Veracode Vulnerability DatabaseVERACODE:43909Misuse Of Cryptographic API
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.5%
mycli is vulnerable to a Misuse of Cryptographic API. The vulnerability arises because the config.py lacks proper data diffusion and contains repeating patterns. Specifically, the use of AES ECB encryption in this context does not provide adequate security measures. As a result, an attacker may exploit this weakness to gain access to sensitive information stored within the application.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.5%