CVE-2012-2146

Severity CVSS v4.0:

Pending analysis

Type:

CWE-310 Cryptographic Issues

Publication date:

26/08/2012

Last modified:

11/04/2025

Description

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

4.30

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:ematia:elixir:0.8.0:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://elixir.ematia.de/trac/ticket/119
http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1
http://www.openwall.com/lists/oss-security/2012/04/27/8
http://www.openwall.com/lists/oss-security/2012/04/28/2
http://www.openwall.com/lists/oss-security/2012/04/29/1
https://bugzilla.redhat.com/show_bug.cgi?id=810013
http://elixir.ematia.de/trac/ticket/119
http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1
http://www.openwall.com/lists/oss-security/2012/04/27/8
http://www.openwall.com/lists/oss-security/2012/04/28/2
http://www.openwall.com/lists/oss-security/2012/04/29/1
https://bugzilla.redhat.com/show_bug.cgi?id=810013