Title: Java: Static initialization vector · Issue #411 · github/securitylab · GitHub
Open Graph Title: Java: Static initialization vector · Issue #411 · github/securitylab
X Title: Java: Static initialization vector · Issue #411 · github/securitylab
Description: Query github/codeql#6357 CVE ID(s) The query detects CVE-2020-5408 in Spring Security. Please note that the issues has not been patched. They only deprecated the vulnerable methods. Therefore, the query detects the issue on the latest ve...
Open Graph Description: Query github/codeql#6357 CVE ID(s) The query detects CVE-2020-5408 in Spring Security. Please note that the issues has not been patched. They only deprecated the vulnerable methods. Therefore, the ...
X Description: Query github/codeql#6357 CVE ID(s) The query detects CVE-2020-5408 in Spring Security. Please note that the issues has not been patched. They only deprecated the vulnerable methods. Therefore, the ...
Opengraph URL: https://github.com/github/securitylab/issues/411
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Java: Static initialization vector","articleBody":"## Query\r\n\r\nhttps://github.com/github/codeql/pull/6357\r\n\r\n## CVE ID(s)\r\n\r\n- The query detects CVE-2020-5408 in Spring Security. Please note that the issues has not been patched. They only deprecated the vulnerable methods. Therefore, the query detects the issue on the latest version of Spring Security.\r\n\r\n## Report\r\n\r\nWhen a cipher is used in certain modes, it needs an initialization vector (IV). IVs are used to randomize the encryption, therefore they should be unique and ideally unpredictable. Otherwise, the same plaintexts result in same ciphertexts under a given secret key. If a static IV is used for encryption, this lets an attacker learn if the same data pieces are transfered or stored, or this can help the attacker run a dictionary attack.\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n\r\nYes, I am planning to write a blog post about the query.\r\n\r\n## Result(s)\r\n\r\n- [OFBIZ-12281](https://issues.apache.org/jira/browse/OFBIZ-12281) in Apache OFBiz\r\n- [PDFBOX-4191](https://issues.apache.org/jira/browse/PDFBOX-4191) in Apache PDFBox\r\n","author":{"url":"https://github.com/artem-smotrakov","@type":"Person","name":"artem-smotrakov"},"datePublished":"2021-07-23T06:46:57.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":7},"url":"https://github.com/411/securitylab/issues/411"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:348bfa7d-a213-faf7-41cd-72c03f012310 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | D768:1EF1:2E15742:41B7580:6A4D0B8E |
| html-safe-nonce | 32bab9858d3ec2b98fef26b50d893e7510d10cdbe95f33184c32c4d74840d300 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJENzY4OjFFRjE6MkUxNTc0Mjo0MUI3NTgwOjZBNEQwQjhFIiwidmlzaXRvcl9pZCI6IjIxODk0ODE4MTk5ODM2NDU1ODIiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 557160d16a9c59950b80926925003e8b74e8316719c209589768579b2776cd25 |
| hovercard-subject-tag | issue:951299983 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/411/issue_layout |
| twitter:image | https://opengraph.githubassets.com/ac3ba6c05d7dd80d5dad0838170c9ac79179a560fbae81373866e0710beab732/github/securitylab/issues/411 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/ac3ba6c05d7dd80d5dad0838170c9ac79179a560fbae81373866e0710beab732/github/securitylab/issues/411 |
| og:image:alt | Query github/codeql#6357 CVE ID(s) The query detects CVE-2020-5408 in Spring Security. Please note that the issues has not been patched. They only deprecated the vulnerable methods. Therefore, the ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | artem-smotrakov |
| hostname | github.com |
| expected-hostname | github.com |
| None | bcb4661e6fb4fe8b394c51ea02ccdb2236d40dc59afc75a3bbba50bf6517134c |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | fb70bd3c4b2bec429781b65419e912c66e2d5581 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width