QwikSec

Security Database

CVE

CWE

Training

CVE-2016-6225

Published: Mar 23, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/percona/percona-xtrabackup/pull/267

x_refsource_CONFIRM

openSUSE-SU-2017:0251

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2017:0250

vendor-advisory

x_refsource_SUSE

https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949

x_refsource_CONFIRM

FEDORA-2017-5a823376be

vendor-advisory

x_refsource_FEDORA

https://github.com/percona/percona-xtrabackup/pull/266

x_refsource_CONFIRM

FEDORA-2017-6382ea8d57

vendor-advisory

x_refsource_FEDORA

https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.