In gokey versions `<0.2.0`, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version `0.2.0`. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the `-s` option). Even if the input seed file stays the same, version `0.2.0` gokey will generate different secrets. ### Impact This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the `-s` opt…
GHSA-69jw-4jj8-fcxm: gokey allows secret recovery from a seed file without the master password
gokey versions before 0.2.0 have a flaw in seed decryption allowing secret recovery without the master password, fixed in version 0.2.0.