CVE-2015-7764

CVE-2015-7764

EPSS 1.5%

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/kvesteri/sqlalchemy-utils/issues/166 https://github.com/Netflix/lemur/issues/117 http://www.openwall.com/lists/oss-security/2015/10/20/3