CVE-2012-3458

Sažetak

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

Reference

http://secunia.com/advisories/50226
http://secunia.com/advisories/50520
http://www.debian.org/security/2012/dsa-2541
http://www.openwall.com/lists/oss-security/2012/08/13/10
https://bugzilla.redhat.com/show_bug.cgi?id=809267
https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-09-2012 - 17:43

Objavljeno

15-09-2012 - 17:55