CVE-2017-5999

Name: CVE-2017-5999
Creator: NVD / NIST
Published: 2017-03-06T06:59:00.287+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.14%

Last modified Jun 17, 2026

CVE-2017-5999 is a vulnerability of currently unknown severity. An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.. EPSS estimates a 1.14% chance of exploitation in the next 30 days.

Description

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system.

Metrics

EPSS Probability

1.14%

62.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-326

Affected Software

Vendor	Product	Versions
Syspass	Syspass	2.0

References

http://www.securityfocus.com/bid/96562Third Party Advisory, VDB Entry
https://cxsecurity.com/issue/WLB-2017020196Third Party Advisory
https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1fPatch
https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601Patch, Release Notes
http://www.securityfocus.com/bid/96562Third Party Advisory, VDB Entry
https://cxsecurity.com/issue/WLB-2017020196Third Party Advisory
https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1fPatch
https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601Patch, Release Notes

Timeline

Published: Mar 6, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5999?

How severe is CVE-2017-5999?

Severity scoring for CVE-2017-5999 is pending analysis. The EPSS model estimates a 1.14% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5999?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5999?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST