Vulnerability CVE-2012-3458


Published: 2012-09-15

Description:
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software: Python -> Beaker

References:
https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
https://bugzilla.redhat.com/show_bug.cgi?id=809267
http://www.openwall.com/lists/oss-security/2012/08/13/10
http://www.debian.org/security/2012/dsa-2541
http://secunia.com/advisories/50520
http://secunia.com/advisories/50226
