Insecure Randomness Affecting pypinksign package, versions [0,]
Threat Intelligence
EPSS
0.06% (27th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PYPINKSIGN-6068108
- published 17 Nov 2023
- disclosed 16 Nov 2023
- credit gxx777
Introduced: 16 Nov 2023
CVE-2023-48056 Open this link in a new tabHow to fix?
There is no fixed version for pypinksign
.
Overview
pypinksign is a Basic NPKI module.
Affected versions of this package are vulnerable to Insecure Randomness due to improper encryption operations. An attacker could exploit the patterns of the encrypted data, that is less secure.
Workaround
Users should not set default constant IV for CBC encryption. Users should modify the encryption process to generate a random IV each time an encryption operation is performed.
CVSS Scores
version 3.1