CVE-2013-7463

Published April 19th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.

Gurpartap/aescrypt

A simple and opinionated AES encrypt / decrypt Ruby gem that just works.

GitHub

156