CVE-2013-7463

Published: 2017-04-19T17:59Z

Last Modified: 2024-11-21T02:01Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt