CVE-2013-7463: Encryption with no Initialization Vector
The AESCrypt.encrypt and AESCrypt.decrypt functions are not randomized with an Initialization Vector (IV), which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
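The following is an added example, not code from the advisory or from the affected library. It shows why encryption without a per-message IV is deterministic and what a randomized replacement looks like. It assumes AES-256-CBC with an all-zero IV as the stand-in for "no IV"; the helper names, key and messages are constructed for illustration.

```ruby
require 'openssl'

CIPHER   = 'aes-256-cbc'      # assumed mode; the advisory does not name one
FIXED_IV = ("\x00" * 16).b    # assumed stand-in for "no IV": same value on every call
KEY      = OpenSSL::Digest::SHA256.digest('constructed demo key') # constructed 32-byte key

# Constructed messages: the first two 16-byte blocks match, the third differs.
MSG_A = 'user=alice;role=admin;dept=0042;pin=1111'
MSG_B = 'user=alice;role=admin;dept=0042;pin=2222'

# Weak form (hypothetical helper): same key and same IV for every message.
def encrypt_fixed_iv(key, plaintext)
  c = OpenSSL::Cipher.new(CIPHER)
  c.encrypt
  c.key = key
  c.iv  = FIXED_IV
  c.update(plaintext) + c.final
end

# Hardened form (hypothetical helper): fresh random IV per message, sent with the ciphertext.
def encrypt_random_iv(key, plaintext)
  c = OpenSSL::Cipher.new(CIPHER)
  c.encrypt
  c.key = key
  iv = c.random_iv            # generates the IV and installs it on the cipher
  iv + c.update(plaintext) + c.final
end

# Inverse of encrypt_random_iv: the first 16 bytes of the blob are the IV.
def decrypt_random_iv(key, blob)
  d = OpenSSL::Cipher.new(CIPHER)
  d.decrypt
  d.key = key
  d.iv  = blob.byteslice(0, 16)
  d.update(blob.byteslice(16, blob.bytesize - 16)) + d.final
end

# Count the leading 16-byte blocks that two ciphertexts have in common.
def shared_prefix_blocks(a, b)
  a.bytes.each_slice(16).to_a.zip(b.bytes.each_slice(16).to_a)
   .take_while { |x, y| x == y }.length
end

if __FILE__ == $PROGRAM_NAME
  fixed  = shared_prefix_blocks(encrypt_fixed_iv(KEY, MSG_A), encrypt_fixed_iv(KEY, MSG_B))
  random = shared_prefix_blocks(encrypt_random_iv(KEY, MSG_A), encrypt_random_iv(KEY, MSG_B))
  puts "matching leading ciphertext blocks, fixed IV:  #{fixed}"
  puts "matching leading ciphertext blocks, random IV: #{random}"
end
```

A random IV removes the determinism but adds no integrity protection; an authenticated mode such as AES-GCM, or CBC combined with a MAC, covers tampering as well.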