CVE-2013-6394

Percona XtraBackup < 2.1.6 - Weak Cryptographic Initialization Vector

Title source: llm
STIX 2.1

Description

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

References (4)

Core 4
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/26/11

Scores

EPSS 0.0038
EPSS Percentile 30.3%

Details

CWE
CWE-310
Status published
Products (7)
opensuse/opensuse 13.1
percona/xtrabackup 2.1.0 alpha1 (3 CPE variants)
percona/xtrabackup 2.1.1
percona/xtrabackup 2.1.2
percona/xtrabackup 2.1.3
percona/xtrabackup 2.1.4
percona/xtrabackup < 2.1.5
Published Dec 13, 2013
Tracked Since Feb 18, 2026