
"encryptor" gem v2.0.0: AES-GCM nonce reuse vulnerability

Open tarcieri opened this issue 6 years ago • 1 comment

I'm not sure this vulnerability ever received a CVE. It's described in the project's README:

https://github.com/attr-encrypted/encryptor#upgrading-from-v200-to-v300

This gem was encrypting all messages using the same key/nonce. This not only exposes the XOR of the plaintexts if you XOR together two ciphertexts, but it also leaks the AES-GCM authentication key, allowing an attacker to forge messages and potentially perform chosen ciphertext attacks, which could potentially enable full plaintext recovery (especially if they've e.g. compromised the database, which is the threat model attr_encrypted is designed to defend against).

tarcieri avatar Oct 03 '17 03:10 tarcieri
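To make the failure mode concrete, here is an added Ruby example (not the encryptor gem's code, and not part of the issue) modelled on what the report describes: AES-256-GCM sealing every record under one key and one fixed nonce, which makes `C1 xor C2 == P1 xor P2`, beside the hardened form with a fresh random 96-bit nonce stored with each record, plus an audit helper that flags stored records sharing a nonce. The key and nonces are constructed for the demo.

```ruby
require 'openssl'
require 'securerandom'

# Constructed demo key; a real deployment derives it from a secret, never hard-codes it.
KEY = OpenSSL::Digest::SHA256.digest('demo key, not a real secret')
NONCE_LEN = 12 # 96-bit GCM nonce
TAG_LEN = 16

# Raw AES-256-GCM seal with a caller-supplied nonce. Returns [ciphertext, tag].
def gcm_seal(key, nonce, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  c.iv = nonce
  ct = c.update(plaintext) + c.final
  [ct, c.auth_tag]
end

# Raises OpenSSL::Cipher::CipherError when the tag does not verify.
def gcm_open(key, nonce, ct, tag)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = nonce
  c.auth_tag = tag
  c.update(ct) + c.final
end

# XOR of two byte strings over their common prefix.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).reject { |_, y| y.nil? }.map { |x, y| x ^ y }.pack('C*')
end

# The v2.0.0-style mistake the issue describes: one key AND one nonce for every message.
# GCM is CTR mode underneath, so the keystream repeats and C1 xor C2 equals P1 xor P2.
FIXED_NONCE = "\x00".b * NONCE_LEN
def reused_nonce_leaks_xor?(p1, p2)
  c1, _tag1 = gcm_seal(KEY, FIXED_NONCE, p1)
  c2, _tag2 = gcm_seal(KEY, FIXED_NONCE, p2)
  xor_bytes(c1, c2) == xor_bytes(p1, p2)
end

# Hardened form: fresh random nonce per message, stored in front of tag and ciphertext.
def seal(key, plaintext)
  nonce = SecureRandom.random_bytes(NONCE_LEN)
  ct, tag = gcm_seal(key, nonce, plaintext)
  nonce + tag + ct
end
def open_sealed(key, blob)
  nonce, tag, ct = blob.unpack("a#{NONCE_LEN}a#{TAG_LEN}a*")
  gcm_open(key, nonce, ct, tag)
end

# Audit helper for stored records: any nonce used more than once means the bug is live.
def duplicate_nonces(blobs)
  blobs.map { |b| b.byteslice(0, NONCE_LEN) }.group_by(&:itself).select { |_, v| v.size > 1 }.keys
end
```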

More information on this vulnerability can be found here: https://github.com/attr-encrypted/encryptor/pull/22

saghaulor avatar Oct 16 '17 17:10 saghaulor