{"id":"CVE-2017-5999","details":"An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.","modified":"2026-04-10T04:00:37.988978Z","published":"2017-03-06T06:59:00.287Z","references":[{"type":"ADVISORY","url":"https://cxsecurity.com/issue/WLB-2017020196"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96562"},{"type":"FIX","url":"https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f"},{"type":"FIX","url":"https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nuxsmin/syspass","events":[{"introduced":"0"},{"fixed":"a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f"}]},{"type":"GIT","repo":"https://github.com/nuxsmin/syspass","events":[{"introduced":"0"},{"fixed":"81cc9e38db2a5f47efc46575db88ccd6dbf29204"}]},{"type":"GIT","repo":"https://github.com/nuxsmin/syspass","events":[{"introduced":"0"},{"fixed":"a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f"}]},{"type":"GIT","repo":"https://github.com/nuxsmin/syspass","events":[{"introduced":"0"},{"fixed":"81cc9e38db2a5f47efc46575db88ccd6dbf29204"}]}],"versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.2.18","1.1.2.19","1.1.2.20","1.1.2.21","1.1.2.22","1.1.2.23","1.1.2.24","1.2.0.02-rc2","1.2.0.03-rc3","1.2.0.04-rc4","1.2.0.05-rc5","1.2.0.06","1.2.0.07","1.2.0.08","1.2.0.09","1.2.0.10","1.2.0.11","1.2.0.12","1.2.0.13","1.2.0.14","1.2.0.16","1.2.0.17","1.2.0.18","1.2.0.19","1.2.0.20","1.2.0.21","2.0.0.17021301","2.0.0.17021302","2.0.0.17021601"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5999.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0"}]},{"events":[{"introduced":"2.x"},{"fixed":"2.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}