CVE-2012-3458

Python Beaker < 1.6.4 - Cryptographic Issue

Title source: rule

Description

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

References (6)

[Vendor Advisory] http://secunia.com/advisories/50226

[Vendor Advisory] http://secunia.com/advisories/50520

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=809267

[Patch] https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2541

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/13/10

Scores

EPSS 0.0060

EPSS Percentile 69.2%

Classification

CWE

CWE-310

Status draft

Affected Products (2)

python/beaker < 1.6.4

pypi/beaker < 1.6.4PyPI

Timeline

Published Sep 15, 2012

Tracked Since Feb 18, 2026