Description
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/haiwen/seadroid/issues/789
Scores
CVSS v3
7.5
EPSS
0.0144
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
Status
published
Products (1)
seafile/seadroid
< 2.2.13
Published
Feb 18, 2019
Tracked Since
Feb 18, 2026