CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.debian.org/security/2012/dsa-2541
http://secunia.com/advisories/50520	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/08/13/10
https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
http://secunia.com/advisories/50226	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=809267

Configurations

Configuration 1 (hide)

cpe:2.3:a:python:beaker:*:*:*:*:*:*:*:*

Information

Published : 2012-09-15 10:55

Updated : 2012-09-17 10:43

NVD link : CVE-2012-3458

Mitre link : CVE-2012-3458

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

python

beaker

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2012/dsa-2541", "name": "DSA-2541", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/50520", "name": "50520", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.openwall.com/lists/oss-security/2012/08/13/10", "name": "[oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update", "tags": [], "refsource": "MLIST"}, {"url": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5", "name": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/50226", "name": "50226", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=809267", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=809267", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-3458", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-09-15T17:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:python:beaker:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.6.4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-09-17T17:43Z"}

4.3 /10