PT-2020-20974 — Inadequate Encryption Strength in Amazon Web Services Aws Encryption Cli

PT-2020-20974 · Amazon Web Services · Aws Encryption Cli

Published

2020-10-28

Updated

2020-10-28

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions AWS Encryption CLI versions prior to 1.8.x AWS Encryption CLI versions prior to 2.1.x

Description The issue allows decryption to succeed using a CMK that was not included in the user-defined set when the CLI is operating in "strict mode", even though decryption only succeeds if the user has permission to decrypt with at least one of the CMKs.

Recommendations For versions prior to 1.8.x, upgrade to version 1.8.x or later as soon as possible. For versions prior to 2.1.x, upgrade to version 2.1.x or later as soon as possible.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

GHSA-2XWP-M7MQ-7Q3R

Affected Products

Aws Encryption Cli

PT-2020-20974 · Amazon Web Services · Aws Encryption Cli

Weakness Enumeration

Related Identifiers

Affected Products

References · 3