PT-2017-7269 · Lemur · Lemur
Rpicardo
·
Published
2017-08-09
·
Updated
2022-05-13
·
CVE-2015-7764
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Lemur version 0.1.4
Description
The issue is related to insufficient entropy in the initialization vector (IV) when encrypting AES in CBC mode.
Recommendations
For version 0.1.4, consider updating to a version that properly implements sufficient entropy in its IV for AES encryption in CBC mode. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lemur