VYPR
High severity7.5NVD Advisory· Published Mar 6, 2017· Updated Jun 17, 2026

CVE-2017-5999

CVE-2017-5999

Description

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Syspass/Syspass2 versions
    cpe:2.3:a:syspass:syspass:2.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:syspass:syspass:2.0:*:*:*:*:*:*:*
    • (no CPE)range: <2.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.