PT-2012-3836 · Elixir · Elixir

Vincent Danen · Published 2012-08-26 · Updated 2022-05-17 · CVE-2012-2146

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Elixir versions prior to 0.8.0
Elixir versions 0.8.0

Description

The issue arises from Elixir using Blowfish in CFB mode without constructing a unique initialization vector (IV). This makes it easier for context-dependent users to obtain sensitive information and decrypt the database.

Recommendations

For Elixir versions prior to 0.8.0, update to a version that includes the patch to mitigate this issue. For Elixir version 0.8.0, apply the provided patch to address the vulnerability.
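
The following is an added illustration, not Elixir's code, of why CFB without a unique IV leaks information: with a repeated IV, equal plaintext prefixes produce equal ciphertext prefixes, while a fresh random IV per value removes that correlation. A keyed HMAC stands in for Blowfish's block function (CFB only uses the encrypt direction), and the key, the all-zero IV and the column values are constructed assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 8  # Blowfish block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for Blowfish's forward direction (assumption): a keyed PRF
    truncated to 8 bytes. CFB never calls the decrypt direction."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_k(C_{i-1}), with C_0 = IV."""
    out, feedback = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        keystream = block_encrypt(key, feedback)
        cipher = bytes(p ^ k for p, k in zip(chunk, keystream))
        out += cipher
        feedback = cipher.ljust(BLOCK, b"\0")
    return out


def shared_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes two ciphertexts have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    """Weak pattern: every value is encrypted under the same constant IV."""
    return cfb_encrypt(key, b"\0" * BLOCK, plaintext)


def encrypt_random_iv(key: bytes, plaintext: bytes) -> bytes:
    """Corrected pattern: fresh random IV per value, stored before the ciphertext."""
    iv = os.urandom(BLOCK)
    return iv + cfb_encrypt(key, iv, plaintext)


KEY = b"constructed-demo-key"   # constructed sample key
ROW_A = b"alice@example.com"    # constructed column values
ROW_B = b"alice@example.org"
```

Under the fixed IV the two stored values match for exactly as many bytes as the plaintexts do, so anyone who can read the encrypted column learns which rows share a prefix without knowing the key.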

Fix

Use of a Broken Cryptographic Algorithm


Weakness Enumeration

Related Identifiers

CVE-2012-2146
GHSA-VFCG-5GGC-3RXX
PYSEC-2012-13

Affected Products

Elixir