Описание
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.14.15-1 |
| bionic | not-affected | 1.14.15-1 |
| cosmic | not-affected | 1.14.15-1 |
| devel | not-affected | 1.14.15-1 |
| disco | not-affected | 1.14.15-1 |
| eoan | not-affected | 1.14.15-1 |
| esm-apps/bionic | not-affected | 1.14.15-1 |
| esm-apps/focal | not-affected | 1.14.15-1 |
| esm-apps/jammy | not-affected | 1.14.15-1 |
| esm-apps/noble | not-affected | 1.14.15-1 |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAML ...
SimpleSAMLphp Incorrect IV generation for encryption
4.3 Medium
CVSS2
5.9 Medium
CVSS3