4 matches found
GHSA-MR95-9RR4-668F Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...
CVE-2018-16115
CVE-2018-16115 affects Lightbend Akka 2.5.x prior to 2.5.16, where an RNG bug in AES128CounterSecureRNG/AES256CounterSecureRNG used in Akka Remoting (TLS for classic and Artery) can cause repeated random numbers. This enables an attacker to eavesdrop, replay, or modify messages in Akka Remoting/C...
Akka Remoting Component Remote Code Execution Vulnerability
Akka is an open source toolkit for building highly concurrent and distributed message-driven applications.Remoting component is one of the remote interaction component. A security vulnerability exists in the Remoting component in Akka versions 2.4.16 and earlier and 2.5-M1. A remote attacker can...