Skip to main content

Generation of Predictable IV with CBC Mode


Severity Low
Score 2.6/10


Crypt::CBC Perl module in versions prior to 2.17, when running in 'RandomIV' mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.

  • HIGH
  • NONE
  • NONE
  • NONE

CWE-329 - Generation of Predictable IV with CBC Mode

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.


Advisory Timeline

  • Published