CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly

Bug #1643949 reported by Sergei Glushchenko on 2016-11-22
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | | | |
| 2.3 | Fix Released | High | Sergei Glushchenko | |
| 2.4 | Fix Released | High | Sergei Glushchenko | |

Bug Description

xbcrypt is not setting the IV correctly (and thus is not using an IV).
This causes the same ciphertext to be generated across different runs (for the
same message/same key). The IV provides the extra randomness to ensure
that the same ciphertext is not generated across runs.
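
The behaviour described in the report, as an added example (not part of the original report and not Percona's code): a regression check that encrypts the same message with the same key several times and flags any repeated output. It assumes a counter-mode keystream built from HMAC-SHA256 as a standard-library stand-in for the tool's real cipher, and models "IV not set" as an all-zero IV; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256(key, iv || counter) per 32-byte block."""
    out = bytearray()
    for counter in range(-(-length // 32)):  # ceil(length / 32) blocks
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_iv_unset(key: bytes, msg: bytes) -> bytes:
    """Models the reported defect: the IV is never set, so every run uses the same one."""
    iv = bytes(16)
    return iv + xor(msg, keystream(key, iv, len(msg)))

def encrypt_random_iv(key: bytes, msg: bytes) -> bytes:
    """Corrected form: a fresh random IV per run, stored in front of the ciphertext."""
    iv = os.urandom(16)
    return iv + xor(msg, keystream(key, iv, len(msg)))

def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:16], blob[16:]
    return xor(body, keystream(key, iv, len(body)))

def repeats_across_runs(encrypt, key: bytes, msg: bytes, runs: int = 5) -> bool:
    """Regression check: True if any two runs produced byte-identical output."""
    outputs = [encrypt(key, msg) for _ in range(runs)]
    return len(set(outputs)) < runs

KEY = bytes(range(32))                    # constructed sample key
MSG = b"CREATE TABLE t1 (id INT);" * 4    # constructed sample plaintext

if __name__ == "__main__":
    print("IV unset :", repeats_across_runs(encrypt_iv_unset, KEY, MSG))
    print("random IV:", repeats_across_runs(encrypt_random_iv, KEY, MSG))
```

The same check can be pointed at any real encryption routine by passing it in place of the two sample functions.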

This report contains Public Security information.
Everyone can see this security related information.
