Vulnerabilities (CVE)

Filtered by CWE-338
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29245 1 Project 1 2022-06-14 4.3 MEDIUM 5.9 MEDIUM
SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `` key exchange algorithms.
CVE-2021-34600 1 Telenot 1 Compasx 2022-04-28 5.0 MEDIUM 7.5 HIGH
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.
CVE-2020-28924 2 Fedoraproject, Rclone 2 Fedora, Rclone 2022-04-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
CVE-2022-26779 1 Apache 1 Cloudstack 2022-03-22 4.6 MEDIUM 7.5 HIGH
Apache CloudStack prior to used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.
CVE-2021-36171 1 Fortinet 1 Fortiportal 2022-03-09 6.8 MEDIUM 8.1 HIGH
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
CVE-2013-20003 1 Silabs 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more 2022-02-09 7.9 HIGH 8.3 HIGH
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
CVE-2021-43799 1 Zulip 1 Zulip 2022-02-02 5.0 MEDIUM 9.8 CRITICAL
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this includes port 25672, the RabbitMQ distribution port, which is used as a management port. RabbitMQ's default "cookie" which protects this port is generated using a weak PRNG, which limits the entropy of the password to at most 36 bits; in practicality, the seed for the randomizer is biased, resulting in approximately 20 bits of entropy. If other firewalls (at the OS or network level) do not protect port 25672, a remote attacker can brute-force the 20 bits of entropy in the "cookie" and leverage it for arbitrary execution of code as the rabbitmq user. They can also read all data which is sent through RabbitMQ, which includes all message traffic sent by users. Version 4.9 contains a patch for this vulnerability. As a workaround, ensure that firewalls prevent access to ports 5672 and 25672 from outside the Zulip server.
CVE-2021-45489 1 Netbsd 1 Netbsd 2022-01-10 5.0 MEDIUM 7.5 HIGH
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
CVE-2021-3990 1 Showdoc 1 Showdoc 2021-12-02 4.3 MEDIUM 6.5 MEDIUM
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2011-4574 1 Polarssl 1 Polarssl 2021-10-28 7.5 HIGH 9.8 CRITICAL
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
CVE-2021-27913 1 Acquia 1 Mautic 2021-09-03 3.5 LOW 3.5 LOW
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
CVE-2021-3047 1 Paloaltonetworks 1 Pan-os 2021-08-19 3.5 LOW 3.1 LOW
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.
CVE-2021-37553 1 Jetbrains 1 Youtrack 2021-08-13 5.0 MEDIUM 7.5 HIGH
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVE-2021-3678 1 Showdoc 1 Showdoc 2021-08-11 4.3 MEDIUM 5.9 MEDIUM
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2020-35926 1 Nanorand Project 1 Nanorand 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.
CVE-2019-15075 1 Inextrix 1 Astpp 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.
CVE-2021-0131 1 Intel 219 Secl-dc, Xeon Bronze 3104, Xeon Bronze 3106 and 216 more 2021-06-21 4.0 MEDIUM 6.5 MEDIUM
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access.
CVE-2021-3538 1 Go.uuid Project 1 Go.uuid 2021-06-14 7.5 HIGH 9.8 CRITICAL
A flaw was found in in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.
CVE-2008-3280 1 Openid 1 Openid 2021-05-27 4.3 MEDIUM 5.9 MEDIUM
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
CVE-2021-29245 1 Btcpayserver 1 Btcpay Server 2021-05-11 5.0 MEDIUM 5.3 MEDIUM
BTCPay Server through uses a weak method Next to produce pseudo-random values to generate a legacy API key.