漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Minosoft has IV equal to key
Vulnerability Description
Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine ( CryptManager.kt ) initializes its AES cipher using an initialization vector (IV) that is set equal to the secret key rather than to a sufficiently random value. Because the IV is not random and is derived directly from the key, the encryption is vulnerable to chosen-ciphertext/chosen-plaintext attacks: an attacker who can submit specific messages for encryption can recover the secret key. This affects all versions supporting Minecraft protocol 1.7 and later. No patched version is available, and no known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在CBC加密模式中未使用随机化IV向量
Vulnerability Title
Moritz Zwerger Minosoft 加密问题漏洞
Vulnerability Description
Moritz Zwerger Minosoft是德国Moritz Zwerger个人开发者开源的一款连接客户端与Minecraft服务器的软件。 Moritz Zwerger Minosoft存在加密问题漏洞,该漏洞源于在初始化 AES 密码时,使用的初始化向量(IV)与密钥相同,而非使用具有足够随机性的值。
CVSS Information
N/A
Vulnerability Type
N/A