>you can modify a byte in the IV(assuming the IV is stored alongside the ciphertext) to modify the corresponding byte in the first plaintext block without a trace.
So with this vulnerability, the attacker can... cause you to enter a wrong password. That's kinda annoying, but at the end of the day it's a DoS attack, and even though using AEAD ciphers would prevent this specific attack, it won't prevent other DoS attacks (eg. blocking/mangling all DNS traffic).
So with this vulnerability, the attacker can... cause you to enter a wrong password. That's kinda annoying, but at the end of the day it's a DoS attack, and even though using AEAD ciphers would prevent this specific attack, it won't prevent other DoS attacks (eg. blocking/mangling all DNS traffic).