Jfinkhaeuser

#34492 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2017-5765
7.5
2017-04-19
Ruby · Aescrypt · CVE-2013-7463
Name of the Vulnerable Software and Affected Versions: aescrypt gem version 1.0.0

Description: The issue concerns the aescrypt gem for Ruby, which fails to randomize the CBC IV when using the AESCrypt.encrypt and AESCrypt.decrypt functions. This flaw enables attackers to bypass cryptographic protection through a chosen plaintext attack.

Recommendations: For aescrypt gem version 1.0.0, consider updating to a version that properly randomizes the CBC IV for the AESCrypt.encrypt and AESCrypt.decrypt functions to prevent chosen plaintext attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.