CVE-2021-41117 Insecure random number generation

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

in star7th/showdoc

✍️ Description The referenced code block computes a MD5 hash based on a string "rgrsfsrfsrf", the current time, and a random number. The string used is static and does not appear to change, therefore I'm not sure why it is there in the first place as it does not provide any additional security...

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

CVE-2021-22309

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions...

CVE-2020-25232

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...

Design/Logic Flaw

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

Design/Logic Flaw

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

Insecure Random

crypto-js uses an insecure random. An attacker is able to guess and discover generated values due to biasness in the secureRandom function...

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

Design/Logic Flaw

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

Insecure Random Generator

github.com/miekg/dns uses an insecure random generation for transaction IDs. The default Id function uses an insecure math/rand function, resulting in predictable output and allowing an attacker to exploit the vulnerability to forge responses without being on path...

CVE-2019-8113

Summary (CVE-2019-8113): Magento 2.2 versions before 2.2.10 and Magento 2.3 versions before 2.3.3 (or 2.3.2-p1) use a cryptographically weak random number generator to brute‑force the confirmation code during customer registration. This is mitigated by applying the security update referenced (Mag...

CVE-2018-15795

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...

Insecure Random

bip39 is vulnerable to insecure random attacks. The vulnerability exists due to the usage of less secure random bytes generator to generate a mnemonic string...

Insecure Random Number Generation

cryptiles is vulnerable to insecure random number generation. The application uses the randomDigits method which does not have sufficient entropy to be securely random, allowing an attacker to gain access through a brute-force attack...

GNU GCC Insecure Random Number Generator Vulnerability

GNU gcc GNU Compiler Collection is an open source compiler for programming languages developed by the GNU Project. An insecure random number generator vulnerability exists in GNU GCC. An attacker could exploit the vulnerability to gain access to perform certain unauthorized operations...

Insecure Random Number Generation

github.com/vmware/harbor uses math/rand to generate salt values. This is not cryptographically secure and makes it easier for attackers to brute force the value...