Generation of Predictable IV with CBC Mode
CVE-2006-0898
Summary
Crypt::CBC Perl module in versions prior to 2.17, when running in 'RandomIV' mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
- HIGH
- NETWORK
- NONE
- NONE
- PARTIAL
- NONE
CWE-329 - Generation of Predictable IV with CBC Mode
The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.
References
Advisory Timeline
- Published