CVE-2013-6394
Percona XtraBackup < 2.1.6 - Weak Cryptographic Initialization Vector
Title source: llmDescription
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
References (4)
Core 4
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html
Patch, Vendor Advisory x_refsource_confirm
http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/26/11
Scores
EPSS
0.0038
EPSS Percentile
30.3%
Details
CWE
CWE-310
Status
published
Products (7)
opensuse/opensuse
13.1
percona/xtrabackup
2.1.0 alpha1 (3 CPE variants)
percona/xtrabackup
2.1.1
percona/xtrabackup
2.1.2
percona/xtrabackup
2.1.3
percona/xtrabackup
2.1.4
percona/xtrabackup
< 2.1.5
Published
Dec 13, 2013
Tracked Since
Feb 18, 2026