4.3
CVSSv2

CVE-2012-3458

Published: 15/09/2012 Updated: 17/09/2012
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Beaker prior to 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote malicious users to obtain portions of sensitive session data via unspecified vectors.
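The weakness named in the summary is a property of ECB mode itself: equal plaintext blocks under one key always produce equal ciphertext blocks, so an encrypted session shows where its contents repeat. The added example below (not Beaker's code) demonstrates this on a constructed session payload and includes a duplicate-block audit check; the HMAC-based Feistel stand-in for AES, `KEY`, `SESSION` and all function names are assumptions made for the illustration.

```python
# Added illustration, not Beaker's code. Assumption: a 4-round HMAC-SHA256
# Feistel network stands in for AES so the script runs on the stdlib alone.
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher: a deterministic keyed permutation."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently under the same key."""
    n = BLOCK - len(data) % BLOCK
    data += bytes([n]) * n  # PKCS#7 padding
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_encrypt(key: bytes, data: bytes) -> bytes:
    """Contrast: counter mode with a fresh random nonce per message."""
    nonce, out = os.urandom(8), bytearray()
    for i in range(0, len(data), BLOCK):
        ks = encrypt_block(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return nonce + bytes(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Audit check: count ciphertext blocks that duplicate an earlier block."""
    counts = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK))
    return sum(c - 1 for c in counts.values())

KEY = b"constructed-demo-key"
# Constructed session payload: blocks 2 and 3 hold identical plaintext.
SESSION = b"name=AAAAAAAAAAA" + b"A" * 32 + b";is_admin=false;"

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, SESSION)
    ctr = ctr_encrypt(KEY, SESSION)
    print("ECB repeated blocks:", repeated_blocks(ecb))
    print("ECB deterministic:  ", ecb == ecb_encrypt(KEY, SESSION))
    print("CTR repeated blocks:", repeated_blocks(ctr[8:]))
    print("CTR deterministic:  ", ctr == ctr_encrypt(KEY, SESSION))
```

The same `repeated_blocks` check can be run over stored session ciphertexts after upgrading to confirm that block-level repetition no longer appears.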

Vulnerable Product

python beaker

Vendor Advisories

Debian Bug report logs - #684890
CVE-2012-3458: Information disclosure
Package: beaker; Maintainer for beaker is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 14 Aug 2012 13:00:01 UTC
Severity: grave
Tags: security
Fixed in versi ...

It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Systems that have the python-pycryptopp package should not be vulnerable, as this backend is preferred over python-cryp ...