{"id":"PYSEC-2012-1","details":"Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. ECB encrypts identical plaintext blocks to identical ciphertext blocks, so patterns in the session data remain visible in the ciphertext. Note that the affected ranges in this record place the fix at 1.6.5.post1 and list 1.6.4 and 1.6.5 as affected, which differs from the version bound stated here; confirm against the fix commit before treating a version as safe.","aliases":["CVE-2012-3458","GHSA-39vm-p9mr-4r27"],"modified":"2024-05-01T11:26:44.478107Z","published":"2012-09-15T17:55:00Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2012/dsa-2541"},{"type":"ADVISORY","url":"http://secunia.com/advisories/50520"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/08/13/10"},{"type":"FIX","url":"https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5"},{"type":"ADVISORY","url":"http://secunia.com/advisories/50226"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=809267"}],"affected":[{"package":{"name":"beaker","ecosystem":"PyPI","purl":"pkg:pypi/beaker"},"ranges":[{"type":"GIT","repo":"https://github.com/bbangert/beaker","events":[{"introduced":"0"},{"fixed":"91becae76101cf87ce8cbfabe3af2622fc328fe5"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.5.post1"}]}],"versions":["0.5","0.6","0.6.1","0.6.2","0.6.3","0.7","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.8","0.8.1","0.9","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","1.0","1.0.1","1.0.2","1.0.3","1.1","1.1.1","1.1.2","1.1.3","1.2","1.2.1","1.2.2","1.2.3","1.3","1.3.1","1.3.1dev","1.4","1.4.1","1.4.2","1.4.3","1.5","1.5.1","1.5.2","1.5.3","1.5.4","1.6","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/beaker/PYSEC-2012-1.yaml"}}],"schema_version":"1.7.3"}