CVE-2020-8912

LOW Year: 2020
CVSS v3 Score
2.5
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-327
View all →

Vulnerability Description

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

Related Vulnerabilities

CVE-2024-55539

LOW
CVSS:2.5(Low)

Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185.

CWE-3272024

CVE-2020-24587

LOW
CVSS:2.6(Low)

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An ad...

CWE-3272020

CVE-2020-23250

LOW
CVSS:2.3(Low)

GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database.

CWE-3272020

CVE-2025-2920

LOW
CVSS:2.0(Low)

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. ...

CWE-3272025

CVE-2019-3700

LOW
CVSS:3.3(Low)

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 2019...

CWE-3272019

CVE-2023-37395

LOW
CVSS:3.3(Low)

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.

CWE-3272023