CVE-2017-11133

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with Math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses Math.random() internally. Math.random() is not a cryptographically strong random number generator.
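
The weak generation pattern described above next to a CSPRNG-based replacement, plus a small code-review check for the two calls the advisory names. This is an added example, not StashCat or CryptoJS source; all function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: function names are hypothetical, not from StashCat or CryptoJS.
// Web Crypto is global in browsers and current Node.js; fall back to node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Weak pattern from the advisory: secret bytes derived from Math.random().
// Math.random() is a non-cryptographic PRNG and must not feed keys or IVs.
function weakRandomBytes(n) {
  const out = new Uint8Array(n);
  for (let i = 0; i < n; i++) out[i] = Math.floor(Math.random() * 256);
  return out;
}

// Hardened form: bytes come from the platform CSPRNG.
function secureRandomBytes(n) {
  return webcrypto.getRandomValues(new Uint8Array(n));
}

// Fresh AES-256 key and 16-byte CBC IV, both from the CSPRNG.
function newAesCbcMaterial() {
  return { key: secureRandomBytes(32), iv: secureRandomBytes(16) };
}

// Review helper: report source lines that call the generators named in the
// advisory. WordArray.random() is flagged for manual review because, per the
// advisory, it was backed by Math.random() in the affected builds.
const RISKY = [/\bMath\.random\s*\(/, /\bWordArray\.random\s*\(/];
function findRiskyRandom(source) {
  return source
    .split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => RISKY.some((re) => re.test(text)));
}

// Constructed sample input, not taken from the affected product.
const SAMPLE = [
  'const iv = CryptoJS.lib.WordArray.random(16);',
  'const key = Array.from({ length: 32 }, () => Math.random());',
  'const nonce = crypto.getRandomValues(new Uint8Array(16));',
].join('\n');
```
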
References
Link : http://seclists.org/fulldisclosure/2017/Jul/90
Resource : Mailing List, Third Party Advisory

Configurations

Configuration 1

cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:*:android:*:*

Configuration 2

cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:web:*:*:*

Configuration 3

cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:desktop:*:*:*

Information

Published : 2017-08-01 07:29

Updated : 2017-08-07 13:58


NVD link : CVE-2017-11133

Mitre link : CVE-2017-11133


CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Products Affected

stashcat

  • heinekingmedia