Red Hat Bugzilla – Bug 827178
python-keyring: CryptedFileKeyring uses AES/CFB insecurely
Last modified: 2013-02-15 11:51:50 EST
It was found that python-keyring's CryptedFileKeyring uses AES/CFB in an insecure manner. CFB requires an unpredictable IV, but CryptedFileKeyring did not pass one, which meant that in python-crypto < 2.6, it was set to '\0' * 16 (an entirely predictable value). In python-crypto 2.6, it is mandatory to specify an IV.
On Fedora, when using python-crypto 2.6+, python-keyring will not work; with earlier versions it will continue to work, but use the predictable IV.
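Why the all-zero IV matters, as an added example (not python-keyring's or python-crypto's code): with the same key and IV, CFB ciphertexts of two secrets are identical for as long as the plaintexts are identical, and the first differing byte reveals the XOR of the two plaintext bytes. Assumptions: 8-bit CFB segments, a truncated HMAC-SHA256 standing in for AES's forward direction so the block needs only the standard library, and a constructed key and sample secrets.

```python
import hashlib
import hmac
import os

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES's forward direction (assumption: truncated HMAC-SHA256
    # as the keyed function); CFB never calls the cipher's decrypt direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:16]

def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CFB with 8-bit segments: one keystream byte per cipher call, then the
    # ciphertext byte is shifted into the 16-byte feedback register.
    register, out = iv, bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, register)[0]
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)

def shared_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

def ciphertext_leak(key, iv_a, iv_b, pt_a, pt_b):
    """Return (identical ciphertext prefix length, XOR of the next ciphertext bytes)."""
    ct_a = cfb8_encrypt(key, iv_a, pt_a)
    ct_b = cfb8_encrypt(key, iv_b, pt_b)
    n = shared_prefix_len(ct_a, ct_b)
    xor = ct_a[n] ^ ct_b[n] if n < min(len(ct_a), len(ct_b)) else None
    return n, xor

# Constructed sample key and secrets (not taken from the bug report).
KEY = b"k" * 32
PT_A = b"user=alice;password=hunter2"
PT_B = b"user=alice;password=tr0ub4dor"
ZERO_IV = b"\0" * 16  # the value python-crypto < 2.6 used when no IV was passed

if __name__ == "__main__":
    n, x = ciphertext_leak(KEY, ZERO_IV, ZERO_IV, PT_A, PT_B)
    print("fixed IV : identical ciphertext prefix =", n,
          "| ciphertext XOR =", hex(x), "| plaintext XOR =", hex(PT_A[n] ^ PT_B[n]))
    n, _ = ciphertext_leak(KEY, os.urandom(16), os.urandom(16), PT_A, PT_B)
    print("random IV: identical ciphertext prefix =", n)
```

With a fresh random IV per encryption the two ciphertexts diverge from the first byte, so neither the shared prefix nor the XOR relation is observable.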
Created python-keyring tracking bugs for this issue
Affects: fedora-all [bug 827180]
*** This bug has been marked as a duplicate of bug 872260 ***