Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在加密中重用Nonce与密钥对
Vulnerability Title
Cocoon 安全漏洞
Vulnerability Description
Cocoon是Alexander Fadeev个人开发者的一个简单可靠的安全存储库。 Cocoon 0.4.0之前版本存在安全漏洞,该漏洞源于容易在加密中重复使用Nonce密钥对,攻击者可以通过使用相同的cocoon对象创建新的加密消息来生成相同的密文。
CVSS Information
N/A
Vulnerability Type
N/A