Vulnerability Description
Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ematia | Elixir | 0.8.0 |
Related Weaknesses (CWE)
References
- http://elixir.ematia.de/trac/ticket/119 (Vendor Advisory)
- http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pl
- http://www.openwall.com/lists/oss-security/2012/04/27/8
- http://www.openwall.com/lists/oss-security/2012/04/28/2
- http://www.openwall.com/lists/oss-security/2012/04/29/1
- https://bugzilla.redhat.com/show_bug.cgi?id=810013
FAQ
What is CVE-2012-2146?
CVE-2012-2146 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the datab...
How severe is CVE-2012-2146?
CVE-2012-2146 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2146?
Check the references section above for vendor advisories and patch information. Affected products include: Ematia Elixir.