[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

sysPass >= 2.0 risky cryptographic algorithm usage Vulnerability

Author
Guenaelle De Julis
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-27165
Category
web applications
Date add
01-03-2017
CVE
CVE-2017-5999
Platform
php
############################################################
CVE-2017-5999 - sysPass risky cryptographic algorithm usage
############################################################
Credit: Guenaelle De Julis & Quentin Olagne
CVE: CVE-2017-5999
Dates: 14/02/2017
Vendor: sysPass
Product: sysPass
Versions Affected: * >= 2.0
Risk / Severity Rating: 4.4 CVSSv2
#####################################################

SysPass product implement a risky cryptographic algorithm usage declared in the file 'Syspass/inc/SP/Core/Crypt.class'.
Functions such as GetIV() or encrypt() are vulnerable since they rely on 'Crypt.class' file.

An attacker could use this non standard AES-256 implementation (MCRYPT_RIJNDAEL_256()) to potentially break this cipher.
The fact that MCRYPT_RIJNDAEL_256() works with 256 bits block size instead of 128 bits changes the used constants (polynoms and matrix) which have not been thoroughly checked by the community.

#########
Solution
#########
Use the latest version of the product (2.1)

####################
Greetz & Shout-outs
####################
Guenaelle De Julis

#  0day.today [2024-12-24]  #