CVE-2013-6394

CVE-2013-6394

EPSS 0.4%

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html http://www.openwall.com/lists/oss-security/2013/11/26/11 http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html