PT-2019-19257 · Seafile · Seafile Android Client
Published: 2019-02-18 · Updated: 2021-07-21 · CVE-2019-8919
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Seafile Android Client versions through 2.2.13
Description
The application uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Recommendations
For versions through 2.2.13, update to a version that uses a unique Initialization Vector (IV) for each encryption operation to prevent chosen-plaintext and dictionary attacks.
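The weakness described above, shown next to the recommended pattern. This is an added example, not code from the Seafile client: the class and method names, the all-zero IV standing in for "the same IV", and the sample records are assumptions constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CbcIvDemo {
    static final int BLOCK = 16; // AES block size in bytes
    static final SecureRandom RNG = new SecureRandom();

    static byte[] cbc(int mode, SecretKey key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(data);
    }
    // Corrected pattern: fresh random IV per encryption, stored in front of the ciphertext.
    static byte[] encryptUniqueIv(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        byte[] ct = cbc(Cipher.ENCRYPT_MODE, key, iv, plain);
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out;
    }
    static byte[] decryptUniqueIv(SecretKey key, byte[] blob) throws Exception {
        byte[] iv = Arrays.copyOfRange(blob, 0, BLOCK);
        return cbc(Cipher.DECRYPT_MODE, key, iv, Arrays.copyOfRange(blob, BLOCK, blob.length));
    }
    static boolean sameBlock(byte[] a, int offA, byte[] b, int offB) {
        return Arrays.equals(Arrays.copyOfRange(a, offA, offA + BLOCK),
                             Arrays.copyOfRange(b, offB, offB + BLOCK));
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample data: two records whose first 16 bytes are identical.
        byte[] p1 = "account=alice;pwd=correct horse".getBytes(StandardCharsets.UTF_8);
        byte[] p2 = "account=alice;pwd=battery staple".getBytes(StandardCharsets.UTF_8);
        byte[] fixedIv = new byte[BLOCK]; // weak pattern: one constant IV for every encryption
        byte[] w1 = cbc(Cipher.ENCRYPT_MODE, key, fixedIv, p1);
        byte[] w2 = cbc(Cipher.ENCRYPT_MODE, key, fixedIv, p2);
        System.out.println("reused IV, first block equal: " + sameBlock(w1, 0, w2, 0));
        byte[] s1 = encryptUniqueIv(key, p1);
        byte[] s2 = encryptUniqueIv(key, p2);
        System.out.println("unique IV, first block equal: " + sameBlock(s1, BLOCK, s2, BLOCK));
        System.out.println("round trip ok: " + Arrays.equals(p1, decryptUniqueIv(key, s1)));
    }
}
```

With a reused IV, equal leading plaintext blocks always produce equal ciphertext blocks under the same key, which is the property that makes the dictionary and chosen-plaintext attacks in the description easier.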
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Seafile Android Client