Description
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
References (3)
Core References
Broken Link
http://bandoche.com
Broken Link
http://pypinksign.com
Third Party Advisory
https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md
Scores
CVSS v3
7.5
EPSS
0.0047
EPSS Percentile
37.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-330
Status
published
Products (2)
bandoche/pypinksign
0.5.1
pypi/pypinksign
0PyPI
Published
Nov 16, 2023
Tracked Since
Feb 18, 2026