CVE-2012-3458
Beaker < 1.6.4 - Sensitive Session Data Exposure via ECB Mode Encryption
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
References (6)
Core References
Patch (x_refsource_confirm): https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50226
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50520
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/08/13/10
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2012/dsa-2541
Issue Tracking (x_refsource_misc): https://bugzilla.redhat.com/show_bug.cgi?id=809267
Scores
EPSS: 0.0060
EPSS Percentile: 69.8%
Details
CWE: CWE-310
Status: published
Products (2)
pypi/beaker: 0 - 1.6.4 (PyPI)
python/beaker: < 1.6.4
Published: Sep 15, 2012
Tracked Since: Feb 18, 2026