Lucene search
Guenaelle De Julis1337DAY-ID-27165HistoryMar 01, 2017 - 12:00 a.m.
sysPass >= 2.0 risky cryptographic algorithm usage Vulnerability
2017-03-0100:00:00
Guenaelle De Julis
0day.today
22
0.002 Low
EPSS
Percentile
60.7%
Exploit for php platform in category web applications
############################################################
CVE-2017-5999 - sysPass risky cryptographic algorithm usage
############################################################
Credit: Guenaelle De Julis & Quentin Olagne
CVE: CVE-2017-5999
Dates: 14/02/2017
Vendor: sysPass
Product: sysPass
Versions Affected: * >= 2.0
Risk / Severity Rating: 4.4 CVSSv2
#####################################################
SysPass product implement a risky cryptographic algorithm usage declared in the file 'Syspass/inc/SP/Core/Crypt.class'.
Functions such as GetIV() or encrypt() are vulnerable since they rely on 'Crypt.class' file.
An attacker could use this non standard AES-256 implementation (MCRYPT_RIJNDAEL_256()) to potentially break this cipher.
The fact that MCRYPT_RIJNDAEL_256() works with 256 bits block size instead of 128 bits changes the used constants (polynoms and matrix) which have not been thoroughly checked by the community.
#########
Solution
#########
Use the latest version of the product (2.1)
####################
Greetz & Shout-outs
####################
Guenaelle De Julis
# 0day.today [2018-04-10] #Related
nvd
nvd
CVE-2017-5999
2017-03-06 06:59:00
prion
prion
Design/Logic Flaw
2017-03-06 06:59:00
cve
cve
CVE-2017-5999
2017-03-06 06:59:00
osv
osv
CVE-2017-5999
2017-03-06 06:59:00
cvelist
cvelist
CVE-2017-5999
2017-03-06 06:11:00