PT-2017-16819 · Syspass · Syspass
Nuxsmin · Published 2017-03-06 · Updated 2017-03-15 · CVE-2017-5999
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
sysPass versions 2.0 through 2.1
Description
An issue was discovered in sysPass, which relies on an algorithm that was never sufficiently reviewed by cryptographers. The use of the MCRYPT_RIJNDAEL_256 cipher, which is the 256-bit block version of Rijndael and not AES, could potentially help an attacker create havoc in the remote system.
Recommendations
For sysPass versions 2.0 through 2.1, update to version 2.1 or later to resolve the issue.
Fix
Inadequate Encryption Strength
Weakness Enumeration
Related Identifiers
Affected Products
Syspass