CVE-2026-45787
Status: Received - Intake
Electerm Credential Exposure via Weak AES-192-CBC Encryption

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-05-29
AI Q&A: 2026-05-28
EPSS Evaluated: N/A
Affected Vendors & Products (2 associated CPEs)
Vendor     Product    Version / Range
electerm   electerm   3.9.5
electerm   electerm   up to 3.9.5 (excluding)
CWE ID    Description
CWE-916   The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CWE-329   The product generates and uses a predictable initialization vector (IV) with Cipher Block Chaining (CBC) mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.
CWE-759   The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
CWE-353   The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
CWE-326   The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in Electerm versions prior to 3.9.5 involves the use of an insecure encryption method for syncing bookmark and profile data.

Specifically, it uses deterministic AES-192-CBC encryption with a fixed zero initialization vector (IV), a constant key derivation function (KDF) salt, and lacks a message authentication code (MAC).

These weaknesses lead to failures in both confidentiality and integrity of the data.

Attackers can exploit this to crack common passwords across different installations and perform undetected bit-flips in the ciphertext to alter configurations or bookmarks.

This vulnerability was fixed in Electerm version 3.9.5.


How can this vulnerability impact me?

This vulnerability can impact you by compromising the confidentiality and integrity of your synced bookmark and profile data in Electerm.

Attackers with network access and low privileges can crack common passwords used across installations.

They can also perform undetected modifications to your configuration or bookmarks by altering the encrypted data without detection.

While the confidentiality impact is high, the integrity impact is low, and there is no impact on availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying Electerm installations running versions prior to 3.9.5 that use the insecure encryption method for syncing bookmark and profile data.

Specifically, detection involves checking if Electerm is using deterministic AES-192-CBC encryption with a fixed zero initialization vector (IV), a constant key derivation function (KDF) salt, and no message authentication code (MAC).

Commands to detect vulnerable versions might include checking the Electerm version installed on your system, for example:

  • electerm --version
  • Checking the configuration or synced bookmark/profile data files for encryption format indicators (e.g., absence of "gcm:" prefix which indicates the newer AES-256-GCM format).

Network detection could involve monitoring for traffic patterns consistent with Electerm syncing data, but no specific network commands or signatures are provided in the available resources.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Electerm versions prior to 3.9.5 involves insecure encryption that leads to confidentiality and integrity failures for synced bookmark and profile data.

Such failures in protecting sensitive data could potentially impact compliance with data protection standards and regulations like GDPR and HIPAA, which require adequate safeguards to ensure confidentiality and integrity of personal and sensitive information.

Specifically, the use of deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no message authentication code (MAC) allows attackers to crack passwords and alter data undetected, which undermines data security controls mandated by these regulations.

Therefore, organizations using vulnerable versions of Electerm might face compliance risks if this vulnerability leads to unauthorized data access or modification.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Electerm to version 3.9.5 or later, where the vulnerability is fixed.

The fix involves changing the encryption algorithm from AES-192-CBC with fixed IV and salt to AES-256-GCM with a random initialization vector, random salt, and an authentication tag, which improves confidentiality and integrity.

Until the upgrade is applied, avoid using Electerm for syncing sensitive bookmark or profile data, and consider resetting passwords to stronger, less common ones to reduce the risk of password cracking.

