CVE-2016-6225: xbcrypt/xtrabackup encryption is not setting the IV correctly
Bug #1643949 reported by
Sergei Glushchenko
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | |||||
2.3 |
Fix Released
|
High
|
Sergei Glushchenko | |||
2.4 |
Fix Released
|
High
|
Sergei Glushchenko |
Bug Description
xbcrypt is not setting the IV correctly (and thus is not using an IV)
This causes the same ciphertext to be generated across different runs (for the
same message/same key). The IV provides the extra randomness to ensure
that the same ciphertext is not generated across runs
information type: | Private Security → Public Security |
To post a comment you must log in.
https:/ /github. com/percona/ percona- xtrabackup/ pull/266 /github. com/percona/ percona- xtrabackup/ pull/267
https:/