1850 matches found
CVE-2005-0106
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...
CVE-2005-0106
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...
CVE-2005-0106
CVE-2005-0106 affects the perl module libnet-ssleay-perl (SSLeay.pm) before 1.25. When no entropy source is set in EGD_PATH, it falls back to the file /tmp/entropy, which an attacker with write access to that file could modify to weaken cryptographic operations. Consequence: potential partial imp...
CVE-2005-0106
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...
CVE-2003-0094
CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...
Mandrake Linux Security Advisory : util-linux (MDKSA-2003:016)
The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the...
Entropy sources information leakage
Entropy sources can be used for keystrokes timing attack...
unix entropy source can be used for keystroke timing attacks
Another bizarre vulnerability, for your amusement... Several unix systems systems provide a secure entropy source maintained by collecting certain information that is supposed to be practically unpredictable such as interrupt timings, keyboard scancodes or device request times, then running it th...
CVE-2003-0094
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed...
PT-2001-2103 · Valicert · Valicert Enterprise Validation Authority (Eva) Administration Server
Name of the Vulnerable Software and Affected Versions: ValiCert Enterprise Validation Authority EVA Administration Server versions 3.3 through 4.2.1 Description: The issue arises from the use of insufficiently random data. This affects two main areas: 1 the generation of session tokens for HSMs,...