Cryptographic Issues Affecting org.apache.directory.server:apacheds-kerberos-codec package, versions [0,]
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040
- published 6 May 2021
- disclosed 20 Jan 2021
- credit Ya Xiao
Introduced: 20 Jan 2021
CVE NOT AVAILABLE CWE-338 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
Affected versions of this package are vulnerable to Cryptographic Issues. A static IV is used in symmetric encryption with CBC mode. The IV of CBC mode is expected to be random. The static IV makes the resulting ciphertext much more predictable and susceptible to a dictionary attack.