Hardcoded Initialization Vectorparsel
All versions of
parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks.
The package is deprecated and will not be updated. Consider using an alternative package.
publishedAdvisory PublishedJan 23rd, 2020
reportedReported by Salesforce Product SecurityJan 23rd, 2020