Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py
Issue closed by author.
This CVE does appear to be a false positive. I'd recommend that a project maintainer contact the CVE program to dispute this CVE.
Contact form: https://cveform.mitre.org/
Select a request type "Request an update to an existing CVE Entry."
Type of update requested: "Rejection"
Fill out CVE ID + Rationale
As @terjeros pointed out, MySQL uses AES ECB for this specific purpose, and this library is compatible with MySQL.
@gxx777 - I'd recommend contacting the MySQL server project to discuss the use of AES ECB by the MySQL Configuration Utility to determine if it should be considered a vulnerability!
Thanks! Invalid for us then.