SysPass risky cryptographic algorithm usage
Posted on 30 November -0001
<HTML><HEAD><TITLE>sysPass risky cryptographic algorithm usage</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>##################################################### Title - sysPass risky cryptographic algorithm usage ##################################################### Credit: Guenaelle De Julis & Quentin Olagne CVE: CVE-2017-5999 Dates: 14/02/2017 Vendor: sysPass Product: sysPass Versions Affected: * >= 2.0 Risk / Severity Rating: 4.4 CVSSv2 ##################################################### SysPass product implement a risky cryptographic algorithm usage declared in the file 'Syspass/inc/SP/Core/Crypt.class'. Functions such as GetIV() or encrypt() are vulnerable since they rely on 'Crypt.class' file. An attacker could use this non standard AES-256 implementation (MCRYPT_RIJNDAEL_256()) to potentially break this cipher. The fact that MCRYPT_RIJNDAEL_256() works with 256 bits block size instead of 128 bits changes the used constants (polynoms and matrix) which have not been thoroughly checked by the community. ######### Solution ######### Use the latest version of the product (2.1) #################### Greetz & Shout-outs #################### Guenaelle De Julis</BODY></HTML>