{"id":"PYSEC-2012-13","details":"Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.","aliases":["CVE-2012-2146","GHSA-vfcg-5ggc-3rxx"],"modified":"2024-05-01T11:41:43.345350Z","published":"2012-08-26T21:55:00Z","references":[{"type":"WEB","url":"http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/04/27/8"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/04/28/2"},{"type":"WEB","url":"http://elixir.ematia.de/trac/ticket/119"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/04/29/1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=810013"}],"affected":[{"package":{"name":"elixir","ecosystem":"PyPI","purl":"pkg:pypi/elixir"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.5.1","0.5.2","0.6.0","0.6.1","0.7.0","0.7.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/elixir/PYSEC-2012-13.yaml"}}],"schema_version":"1.7.3"}