Описание
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.13 (включая)
cpe:2.3:a:seafile:seadroid:*:*:*:*:*:android:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
EPSS
Процентиль: 54%
0.00316
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330