CVE-2013-6394

medium

Description

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

References

http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html

http://www.openwall.com/lists/oss-security/2013/11/26/11

http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html

Details

Source: Mitre, NVD

Published: 2013-12-13

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium