CVE-2023-46740

creationtimestamp| type| source ---|---|--- 2024-01-03 18:31:47+00:00| seen| https://t.me/ctinow/162519 2024-01-04 01:36:43+00:00| seen| https://t.me/cibsecurity/74330 2024-01-05 21:11:48+00:00| seen| https://t.me/arpsyndicate/2525 2024-01-23 21:02:07+00:00| seen| https://t.me/ctinow/172292...

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

CVE-2023-46740

Summary: CVE-2023-46740 affects CubeFS before v3.3.1, where an insecure random string generator used for user accessKeys could be predicted, enabling an attacker to impersonate users and obtain higher privileges. The root cause is the use of a weak RNG for sensitive per-user keys during user crea...