HIGH
sysPass
CVE published 2017-03-06
CVE-2017-5999
CVE-2017-5999 is a cryptographic implementation issue in sysPass 2.x before 2.1. The vulnerable code in inc/SP/Core/Crypt.class used MCRYPT_RIJNDAEL_256 instead of MCRYPT_RIJNDAEL_128. MCRYPT_RIJNDAEL_256 selects the 256-bit block version of Rijndael, which is not AES. NVD rates the issue as HIGH (CVSS 7.5): it is reachable over the network, requires no privileges and no user interaction, and has a high confidentiality impact.
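A source audit for the constant mix-up described above, as an added example that is not sysPass code or part of the original advisory: it flags mcrypt cipher references whose Rijndael block size is not 128 bits, skipping comments. The PHP sample is constructed, the `audit` and `strip_comments` helpers are hypothetical names, and the scan also matches the string values behind the mcrypt constants (for example `'rijndael-256'`).

```python
import re

# A Rijndael cipher reference: the mcrypt constant or its string value.
# Only the 128-bit block size is AES (FIPS 197); 192 and 256 are not.
TOKEN = re.compile(r"MCRYPT_RIJNDAEL_(128|192|256)\b|['\"]rijndael-(128|192|256)['\"]")

# Group 1 captures string literals so that '//' or '#' inside them is not
# mistaken for a comment; the other alternatives are PHP comments.
# Heredocs are not handled.
LEXEME = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)

def strip_comments(php):
    """Blank out comments but keep strings and newlines (line numbers stay valid)."""
    def keep_or_blank(m):
        return m.group(0) if m.group(1) else re.sub(r"[^\n]", " ", m.group(0))
    return LEXEME.sub(keep_or_blank, php)

def audit(php):
    """Return (line, token, block_bits, is_aes) for every cipher reference."""
    findings = []
    for lineno, line in enumerate(strip_comments(php).splitlines(), 1):
        for m in TOKEN.finditer(line):
            bits = int(m.group(1) or m.group(2))
            findings.append((lineno, m.group(0), bits, bits == 128))
    return findings

# Constructed PHP input for illustration; not taken from sysPass.
SAMPLE = """<?php
// legacy: MCRYPT_RIJNDAEL_128 was considered here
$url = 'http://example.invalid/#x';
$c = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv);
/* mcrypt_module_open('rijndael-192', '', 'cbc', '');
*/
$td = mcrypt_module_open('rijndael-256', '', MCRYPT_MODE_CBC, '');
$ok = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
"""

if __name__ == "__main__":
    for lineno, token, bits, is_aes in audit(SAMPLE):
        verdict = "AES block size" if is_aes else "NOT AES"
        print(f"line {lineno}: {token} -> {bits}-bit block, {verdict}")
```

Note that the block size is independent of the key length: MCRYPT_RIJNDAEL_128 with a 32-byte key is AES-256, while MCRYPT_RIJNDAEL_256 is not AES at any key length.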