Static IV in Archery v1.10.0 AES CBC Encryption: Information Disclosure Vulnerability

CVE-2023-48053 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

Learn more about our Web Application Penetration Testing UK.