Lucene search
K

1850 matches found

Cvelist
Cvelist
added 2005/05/03 4:0 a.m.26 views

CVE-2005-0106

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...

6AI score0.00347EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2005/05/03 4:0 a.m.47 views

CVE-2005-0106

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...

4.6CVSS6AI score0.00347EPSS
Exploits0
CVE
CVE
added 2005/05/03 4:0 a.m.48 views

CVE-2005-0106

CVE-2005-0106 affects the perl module libnet-ssleay-perl (SSLeay.pm) before 1.25. When no entropy source is set in EGD_PATH, it falls back to the file /tmp/entropy, which an attacker with write access to that file could modify to weaken cryptographic operations. Consequence: potential partial imp...

4.6CVSS6AI score0.00347EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2005/05/03 4:0 a.m.13 views

CVE-2005-0106

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...

6AI score
Exploits0References4
CVE
CVE
added 2004/09/01 4:0 a.m.63 views

CVE-2003-0094

CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...

5CVSS6.5AI score0.0155EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.20 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2003:016)

The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the...

5CVSS5.4AI score0.0155EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/08/20 12:0 a.m.34 views

Entropy sources information leakage

Entropy sources can be used for keystrokes timing attack...

2.2AI score
Exploits0References1
securityvulns
securityvulns
added 2003/08/19 12:0 a.m.23 views

unix entropy source can be used for keystroke timing attacks

Another bizarre vulnerability, for your amusement... Several unix systems systems provide a secure entropy source maintained by collecting certain information that is supposed to be practically unpredictable such as interrupt timings, keyboard scancodes or device request times, then running it th...

6.9AI score
Exploits0
NVD
NVD
added 2003/03/03 5:0 a.m.14 views

CVE-2003-0094

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed...

5CVSS6.5AI score0.0155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2001/12/04 12:0 a.m.6 views

PT-2001-2103 · Valicert · Valicert Enterprise Validation Authority (Eva) Administration Server

Name of the Vulnerable Software and Affected Versions: ValiCert Enterprise Validation Authority EVA Administration Server versions 3.3 through 4.2.1 Description: The issue arises from the use of insufficiently random data. This affects two main areas: 1 the generation of session tokens for HSMs,...

7.5CVSS6.7AI score0.01594EPSS
Exploits1References8
Rows per page
Query Builder