CVE-2017-3225— DENX Software Engineering Das U-Boot 加密问题漏洞

Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector that may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.

N/A

在CBC加密模式中未使用随机化IV向量

DENX Software Engineering Das U-Boot 加密问题漏洞

DENX Software Engineering Das U-Boot是德国DENX Software Engineering公司的一套可以从AES加密文件读取设备配置的引导加载程序。 DENX Software Engineering Das U-Boot中存在加密问题漏洞。本地攻击者可利用该漏洞解密数据。

N/A

N/A