58 matches found
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
PT-2022-22662 · Node.Js +6
Name of the Vulnerable Software and Affected Versions: Node.js version 18. Description: A weak randomness issue exists in the WebCrypto keygen due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. There are two main problems: 1. The return value of...
Insecure Entropy Source - Math.random() in node-uuid
Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUIDs. Recommendation: Update to version 1.4.4 or later...
The vulnerability of the PRNG component of the FortiOS operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the PRNG component in the FortiOS operating system relates to the use of a weak entropy source during key generation. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information, when FortiOS acts as a client...
Node.js third-party modules: [crypto-js] Insecure entropy source - Math.random()
Module: module name: crypto-js; version: 3.1.9-1; npm page: https://www.npmjs.com/package/crypto-js. Module Description: JavaScript library of crypto standards. Module Stats: Replace stats below with numbers from npm’s module page: 184959 downloads in the last day, 912568 downloads in the last week...
Unsafe Pseudorandom Number Generation Through The Use Of Insecure Entropy Source
uuid and node-uuid have flaws which lead to the use of an insecure entropy source "Math.random" to generate pseudorandom numbers instead of using a secure Cryptographic API...
CVE-2018-8435
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Windows Hyper-V Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source. To exploit this vulnerability, an attacker would need to reboot a guest virtual machine numerous times until the vulnerability is triggered. The security update addresses the...
DSA-2833-1 openssl - several
Bulletin has no description...
CVE-2008-5162
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various...
CVE-2008-5162
The CVE-2008-5162 entry concerns FreeBSD kernel arc4random(9) and its entropy source during the first boot minutes. Technical details across connected docs show: affected software is FreeBSD 6.3–7.1 kernels; problem is insufficient entropy immediately after boot, delaying reseeding from Yarrow an...
SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)
This kernel update brings the kernel to the one shipped with SLES 10 Service Pack 1 and also fixes the following security problems: - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network...
Ubuntu 5.04 : libnet-ssleay-perl vulnerability (USN-113-1)
Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with...
DEBIAN-CVE-2005-0106
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...
CVE-2003-0094
CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...
unix entropy source can be used for keystroke timing attacks
Another bizarre vulnerability, for your amusement... Several unix systems provide a secure entropy source maintained by collecting certain information that is supposed to be practically unpredictable such as interrupt timings, keyboard scancodes or device request times, then running it th...