CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly

Bug #1643949 reported by Sergei Glushchenko
Affects: Percona XtraBackup moved to https://jira.percona.com/projects/PXB (status tracked in 2.4)
2.3: Status: Fix Released; Importance: High; Assigned to: Sergei Glushchenko
2.4: Status: Fix Released; Importance: High; Assigned to: Sergei Glushchenko

Bug Description

xbcrypt is not setting the IV correctly (and thus is not using an IV).
This causes the same ciphertext to be generated across different runs (for the
same message/same key). The IV provides the extra randomness to ensure
that the same ciphertext is not generated across runs.
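
The effect described in the report, as an added example (not xbcrypt's code and not part of the original report): a counter-mode construction built on HMAC-SHA256 stands in for the real cipher, and the unset IV is assumed to behave as a constant all-zero value. All function names are hypothetical; `repeats_across_runs` is the kind of regression check that catches this class of bug.

```python
import hashlib
import hmac
import os

IV_LEN = 16


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # Counter-mode keystream; HMAC-SHA256 is a stand-in PRF, not xbcrypt's cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    # Output is iv || ciphertext so the decrypting side can recover the IV.
    stream = _keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    stream = _keystream(key, iv, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def encrypt_iv_unset(key: bytes, plaintext: bytes) -> bytes:
    # Assumption: an IV that is never set behaves as a constant all-zero IV.
    return encrypt(key, plaintext, bytes(IV_LEN))


def encrypt_fresh_iv(key: bytes, plaintext: bytes) -> bytes:
    # Corrected behaviour: a new random IV for every encryption.
    return encrypt(key, plaintext, os.urandom(IV_LEN))


def repeats_across_runs(encrypt_fn, key: bytes, plaintext: bytes, runs: int = 5) -> bool:
    # Regression check: True if any two runs produced identical output.
    outputs = {encrypt_fn(key, plaintext) for _ in range(runs)}
    return len(outputs) < runs


if __name__ == "__main__":
    key, chunk = os.urandom(32), b"constructed sample backup chunk"
    print("IV unset, output repeats:", repeats_across_runs(encrypt_iv_unset, key, chunk))
    print("fresh IV, output repeats:", repeats_across_runs(encrypt_fresh_iv, key, chunk))
```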

Sergei Glushchenko (sergei.glushchenko) wrote :
information type: Private Security → Public Security
David Busby (d-busby) wrote :
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-490
