Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Missing Encryption of Sensitive Data Vulnerability - CVE-2010-3299 - Vulnerability Database
Ruby on Rails

Ruby on Rails Missing Encryption of Sensitive Data Vulnerability - CVE-2010-3299

Medium
Reference: CVE-2010-3299
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-3299
Title: Ruby on Rails Missing Encryption of Sensitive Data Vulnerability
Overview:

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.