CVE-2012-3458

Published: Sep 15, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5

x_refsource_CONFIRM

50226

third-party-advisory

x_refsource_SECUNIA

50520

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update

mailing-list

x_refsource_MLIST

DSA-2541

vendor-advisory

x_refsource_DEBIAN

https://bugzilla.redhat.com/show_bug.cgi?id=809267

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3458

Description

Affected Products

References