Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-2146
Last Modified 27 Aug 2012 12:00:00
Published 26 Aug 2012 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2146

Summary

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.

Vulnerable Systems

Application

  • Ematia Elixir 0.8.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=810013

MLIST - [oss-security] 20120429 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)

MLIST - [oss-security] 20120428 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)

MLIST - [oss-security] 20120427 weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)

MISC - http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1

MISC - http://elixir.ematia.de/trac/ticket/119


Last Updated: 27 May 2016 11:00:18