Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mikel_olasagasti | revelation | 0.4.7 |
| mikel_olasagasti | revelation | 0.1.0 |
| mikel_olasagasti | revelation | 0.3.0 |
| mikel_olasagasti | revelation | 0.3.1 |
| mikel_olasagasti | revelation | 0.3.2 |
| mikel_olasagasti | revelation | * |
| mikel_olasagasti | revelation | 0.4.0 |
| mikel_olasagasti | revelation | 0.4.2 |
| mikel_olasagasti | revelation | 0.2.0 |
| mikel_olasagasti | revelation | 0.4.12 |
| mikel_olasagasti | revelation | 0.4.3 |
| mikel_olasagasti | revelation | 0.4.5 |
| mikel_olasagasti | revelation | 0.4.9 |
| mikel_olasagasti | revelation | 0.4.1 |
| mikel_olasagasti | revelation | 0.3.3 |
| mikel_olasagasti | revelation | 0.4.6 |
| mikel_olasagasti | revelation | 0.4.11 |
| mikel_olasagasti | revelation | 0.2.1 |
| mikel_olasagasti | revelation | 0.1.1 |
| mikel_olasagasti | revelation | 0.4.10 |
| mikel_olasagasti | revelation | 0.4.4 |
| mikel_olasagasti | revelation | 0.3.4 |
| mikel_olasagasti | revelation | 0.1.2 |
| mikel_olasagasti | revelation | 0.4.8 |
Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute-force attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mikel_olasagasti | revelation | 0.4.7 |
| mikel_olasagasti | revelation | 0.1.0 |
| mikel_olasagasti | revelation | 0.3.0 |
| mikel_olasagasti | revelation | 0.3.1 |
| mikel_olasagasti | revelation | 0.3.2 |
| mikel_olasagasti | revelation | * |
| mikel_olasagasti | revelation | 0.4.0 |
| mikel_olasagasti | revelation | 0.4.2 |
| mikel_olasagasti | revelation | 0.2.0 |
| mikel_olasagasti | revelation | 0.4.12 |
| mikel_olasagasti | revelation | 0.4.3 |
| mikel_olasagasti | revelation | 0.4.5 |
| mikel_olasagasti | revelation | 0.4.9 |
| mikel_olasagasti | revelation | 0.4.1 |
| mikel_olasagasti | revelation | 0.3.3 |
| mikel_olasagasti | revelation | 0.4.6 |
| mikel_olasagasti | revelation | 0.4.11 |
| mikel_olasagasti | revelation | 0.2.1 |
| mikel_olasagasti | revelation | 0.1.1 |
| mikel_olasagasti | revelation | 0.4.10 |
| mikel_olasagasti | revelation | 0.4.4 |
| mikel_olasagasti | revelation | 0.3.4 |
| mikel_olasagasti | revelation | 0.1.2 |
| mikel_olasagasti | revelation | 0.4.8 |
The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mikel_olasagasti | revelation | 0.4.7 |
| mikel_olasagasti | revelation | 0.1.0 |
| mikel_olasagasti | revelation | 0.3.0 |
| mikel_olasagasti | revelation | 0.3.1 |
| mikel_olasagasti | revelation | 0.3.2 |
| mikel_olasagasti | revelation | * |
| mikel_olasagasti | revelation | 0.4.0 |
| mikel_olasagasti | revelation | 0.4.2 |
| mikel_olasagasti | revelation | 0.2.0 |
| mikel_olasagasti | revelation | 0.4.12 |
| mikel_olasagasti | revelation | 0.4.3 |
| mikel_olasagasti | revelation | 0.4.5 |
| mikel_olasagasti | revelation | 0.4.9 |
| mikel_olasagasti | revelation | 0.4.1 |
| mikel_olasagasti | revelation | 0.3.3 |
| mikel_olasagasti | revelation | 0.4.6 |
| mikel_olasagasti | revelation | 0.4.11 |
| mikel_olasagasti | revelation | 0.2.1 |
| mikel_olasagasti | revelation | 0.1.1 |
| mikel_olasagasti | revelation | 0.4.10 |
| mikel_olasagasti | revelation | 0.4.4 |
| mikel_olasagasti | revelation | 0.3.4 |
| mikel_olasagasti | revelation | 0.1.2 |
| mikel_olasagasti | revelation | 0.4.8 |