First published: Thu Nov 16 2023(Updated: )
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
Credit: firstname.lastname@example.org email@example.com
|Affected Software||Affected Version||How to fix|
The vulnerability ID is CVE-2023-48056.
PyPinkSign is a software package.
Version 0.5.1 of PyPinkSign is affected.
CBC (Cipher Block Chaining) is a mode of operation for symmetric block ciphers like AES.
Using a non-random or static IV in CBC mode can lead to the disclosure of information and communications.
Yes, there are references available at http://bandoche.com, http://pypinksign.com, and https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md