FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-Elixir -- weak use of cryptography

Affected packages
py39-Elixir <= 0.8.0

Details

VuXML ID 2991178f-cbe8-11ed-956f-7054d21a9e2a
Discovery 2012-08-26
Entry 2023-03-26

Red Hat Security Response Team reports:

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.

References

CVE Name CVE-2012-2146
URL https://osv.dev/vulnerability/PYSEC-2012-13