Описание
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.5 (включая)
Одно из
cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtrabackup:2.1.4:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
2.1 Low
CVSS2
Дефекты
CWE-310
Связанные уязвимости
ubuntu
около 12 лет назад
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
debian
около 12 лет назад
Percona XtraBackup before 2.1.6 uses a constant string for the initial ...
github
больше 3 лет назад
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
EPSS
Процентиль: 19%
0.0006
Низкий
2.1 Low
CVSS2
Дефекты
CWE-310