Insecure Session Encryption in Beaker

Insecure Session Encryption in Beaker

CVE-2012-3458 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.