PT-2019-19257 · Seafile · Seafile Android Client

Publicado

2019-02-18

Atualizado

2021-07-21

CVE-2019-8919

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Seafile Android Client versions through 2.2.13

Description The application uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

Recommendations For versions through 2.2.13, update to a version that uses a unique Initialization Vector (IV) for each encryption operation to prevent chosen-plaintext and dictionary attacks.

Correção

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330

Identificadores relacionados

CVE-2019-8919

Produtos afetados

Seafile Android Client

PT-2019-19257 · Seafile · Seafile Android Client

CVE-2019-8919

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3