CVE-2012-2743

Published: Jun 27, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

revelation-sha-weak-security(76408)

vdb-entry

x_refsource_XF

[oss-security] 20120618 CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key

mailing-list

x_refsource_MLIST

54060

vdb-entry

x_refsource_BID

[oss-security] 20120618 Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key

mailing-list

x_refsource_MLIST

https://bugs.gentoo.org/show_bug.cgi?id=421571

x_refsource_MISC

http://oss.codepoet.no/revelation/issue/61/file-format-magic-string-version-mismatch

x_refsource_CONFIRM

http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-2743

Description

Affected Products

References