sysPass 2.0 risky cryptographic algorithm usage

Published / (Updated)
Credit
Risk
2017-02-22 / 2017-03-01
Guenaelle De Julis & Quentin Olagne
Medium
CWE
CVE
Local
Remote
N/A
CVE-2017-5999
Yes
No

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

############################################################
CVE-2017-5999 - sysPass risky cryptographic algorithm usage
############################################################
Credit: Guenaelle De Julis & Quentin Olagne
CVE: CVE-2017-5999
Dates: 14/02/2017
Vendor: sysPass
Product: sysPass
Versions Affected: * >= 2.0
Risk / Severity Rating: 4.4 CVSSv2
#####################################################

SysPass product implement a risky cryptographic algorithm usage declared in the file 'Syspass/inc/SP/Core/Crypt.class'.
Functions such as GetIV() or encrypt() are vulnerable since they rely on 'Crypt.class' file.

An attacker could use this non standard AES-256 implementation (MCRYPT_RIJNDAEL_256()) to potentially break this cipher.
The fact that MCRYPT_RIJNDAEL_256() works with 256 bits block size instead of 128 bits changes the used constants (polynoms and matrix) which have not been thoroughly checked by the community.

#########
Solution
#########
Use the latest version of the product (2.1)

####################
Greetz & Shout-outs
####################
Guenaelle De Julis

References:

http://www.syspass.org/index-en.html


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com