CVE Vulnerabilities

CVE-2026-14969

Generation of Predictable IV with CBC Mode

Published: Jul 07, 2026 | Modified: Jul 09, 2026
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
4.4 MODERATE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.

Weakness

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.

Affected Software

NameVendorStart VersionEnd Version
Directory_serverRedhat11.0 (including)11.0 (including)
Directory_serverRedhat12.0 (including)12.0 (including)
Directory_serverRedhat13.0 (including)13.0 (including)
389_directory_serverRedhat- (including)- (including)
Enterprise_linuxRedhat7.0 (including)7.0 (including)
Enterprise_linuxRedhat8.0 (including)8.0 (including)
Enterprise_linuxRedhat9.0 (including)9.0 (including)
Enterprise_linuxRedhat10.0 (including)10.0 (including)
389-ds-baseUbuntuquesting*

Extended Description

CBC mode eliminates a weakness of Electronic Code Book (ECB) mode by allowing identical plaintext blocks to be encrypted to different ciphertext blocks. This is possible by the XOR-ing of an IV with the initial plaintext block so that every plaintext block in the chain is XOR’d with a different value before encryption. If IVs are reused, then identical plaintexts would be encrypted to identical ciphertexts. However, even if IVs are not identical but are predictable, then they still break the security of CBC mode against Chosen Plaintext Attacks (CPA).

Potential Mitigations

References