Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Disk ARchive Blowfish-CBC加密实现IV冲突漏洞
Vulnerability Description
"Disk ARchive(dar)是用于备份目录树和文件的shell命令。 Disk ARchive Blowfish-CBC加密方式的实现上存在漏洞,可能导致不安全的加密。 dar中所使用的Blowfish加密方式中可能会出现IV冲突,有漏洞的代码位于dar-2.3.2/src/libdar/crypto.cpp文件的178-194行: 178: void blowfish::make_ivec(const infinint & ref, unsigned char ivec[8]) 179: { 1
CVSS Information
N/A
Vulnerability Type
N/A