PT-2017-8935 · Percona · Percona Xtrabackup
Ken Takara
·
Publicado
2017-03-23
·
Atualizado
2018-10-30
·
CVE-2016-6225
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Percona XtraBackup versions prior to 2.3.6
Percona XtraBackup versions 2.4.x prior to 2.4.5
Description
The issue arises from the improper setting of the initialization vector (IV) for encryption in xbcrypt, making it easier for attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack.
Recommendations
For Percona XtraBackup versions prior to 2.3.6, update to version 2.3.6 or later.
For Percona XtraBackup versions 2.4.x prior to 2.4.5, update to version 2.4.5 or later.
Correção
Inadequate Encryption Strength
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Percona Xtrabackup