First published: Thu Nov 16 2023(Updated: )
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
Affected Software | Affected Version | How to fix |
---|---|---|
pip/pypinksign | <=0.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for PyPinkSign v0.5.1 is GHSA-fxff-wxxv-c2jc.
The vulnerability in PyPinkSign v0.5.1 can lead to the disclosure of information and communications.
PyPinkSign v0.5.1 is the affected software version.
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption.
For more information about the vulnerability in PyPinkSign v0.5.1, you can refer to the following sources: [CVE-2023-48056](https://nvd.nist.gov/vuln/detail/CVE-2023-48056), [PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability](https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md), [bandoche.com](http://bandoche.com).