PT-2017-16819 · Syspass · Syspass
Nuxsmin · Published 2017-03-06 · Updated 2017-03-15
CVE-2017-5999
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
sysPass versions 2.0 through 2.1
Description
An issue was discovered in sysPass where an algorithm was never sufficiently reviewed by cryptographers. The use of `MCRYPT_RIJNDAEL_256`, which selects the 256-bit block version of Rijndael and not AES (AES is Rijndael with a 128-bit block), could potentially help an attacker create havoc in the remote system.
Recommendations
For sysPass versions 2.0 through 2.1, update to version 2.1 or later to resolve the issue.
Fix
Inadequate Encryption Strength
Weakness Enumeration
Related Identifiers
Affected Products
Syspass