
968 matches found

RedhatCVE
added 2022/05/20 11:44 p.m. · 31 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5 CVSS · 1.2 AI score · 0.01336 EPSS
Exploits 1 · References 1

Positive Technologies
added 2022/05/13 12:0 a.m. · 1 views

PT-2022-7279 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the qcom_rng_read function in the Linux kernel, which can cause an infinite loop when the max value is not a multiple of WORD_SZ. This can be reproduced by...

7.8 CVSS · 6.5 AI score · 0.08555 EPSS
Exploits 7 · References 1097

NVD
added 2022/04/08 8:15 p.m. · 13 views

CVE-2022-26852

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...

9.8 CVSS · 0.01154 EPSS
Exploits 0 · References 1

Prion
added 2022/04/08 8:15 p.m. · 22 views

Code injection

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...

7.5 CVSS · 9.3 AI score · 0.01154 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/04/08 7:50 p.m. · 22 views

CVE-2022-26852

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...

8.1 CVSS · 9.6 AI score · 0.01154 EPSS
Exploits 0 · References 1

CVE
added 2022/04/08 7:50 p.m. · 87 views

CVE-2022-26852

Technical details about CVE-2022-26852 are not publicly provided in the supplied connected documents. Dell PowerScale OneFS versions 8.2.x-9.3.x are mentioned in the initial description, but no additional exploit specifics, impact, or remediation are given here. Monitor for updates.

9.8 CVSS · 9.3 AI score · 0.01154 EPSS
Exploits 0 · References 1 · Affected Software 1

Microsoft CVE
added 2022/04/02 7:0 a.m. · 7 views

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.

...

9.8 CVSS · 8.4 AI score · 0.02038 EPSS
Exploits 0

Huntr
added 2022/03/29 8:12 p.m. · 10 views

Use of cryptographically weak random number generator for password generation

Description: Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable; this function uses the .NET Random class, which isn't cryptographically secure. Impact: This vulnerability is capable of allowing attackers to predict generated passwords and use the...

3.1 AI score
Exploits 0 · References 1

Schneier on Security
added 2022/03/24 11:38 a.m. · 15 views

Linux Improves Its Random Number Generator

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new -- identical -- algorithm based on the BLAKE2 hash function, which is an excellent security improvement...

2.4 AI score
Exploits 0

BDU FSTEC
added 2022/03/11 12:0 a.m. · 2 views

The vulnerability in the implementation of the password reset function of the Fortinet FortiPortal security analysis and management tool allows a hacker to escalate their privileges.

The vulnerability of the password reset function implementation in the Fortinet FortiPortal security management and analysis tool is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...

8.1 CVSS · 7.5 AI score · 0.01109 EPSS
Exploits 0 · References 5 · Affected Software 1

CNVD
added 2022/03/02 12:0 a.m. · 14 views

Fortinet FortiPortal Security Feature Issue Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for use by MSPs. versions, a security feature issue vulnerability exists that stems from the use o...

8.1 CVSS · 1 AI score · 0.01109 EPSS
Exploits 0 · References 1

Prion
added 2022/03/01 6:15 p.m. · 18 views

Design/Logic Flaw

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

6.8 CVSS · 8.1 AI score · 0.01109 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/03/01 6:5 p.m. · 20 views

CVE-2021-36171

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

8.1 CVSS · 8.4 AI score · 0.01109 EPSS
Exploits 0 · References 1

OSV
added 2022/02/15 1:57 a.m. · 24 views

GHSA-VFP4-XX6M-7VF6 Cryptographic Issues in ECK

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed, they may be able to more easily brute force the Elasticsearch credentials generated by ECK...

7.5 CVSS · 7.3 AI score · 0.01439 EPSS
Exploits 0 · References 2

OpenVAS
added 2022/01/28 12:0 a.m. · 17 views

Mageia: Security Advisory (MGASA-2016-0292)

The remote host is missing an update for the...

5.3 CVSS · 5.9 AI score · 0.03627 EPSS
Exploits 0 · References 5

GithubExploit
added 2021/12/08 12:47 a.m. · 975 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Zulip

CVE-2021-43798 Grafana 8.x Path Traversal Pre-Auth All credi...

9.8 CVSS · 7.9 AI score · 0.88849 EPSS
Exploits 44

Veracode
added 2021/12/02 4:28 a.m. · 29 views

Insecure Random Number Generator

showdoc/showdoc uses an insecure random number generator. When a user logs in via LDAP, the account is initialized with a weak password, allowing an attacker to perform a brute-force attack to break the user password...

6.5 CVSS · 3.4 AI score · 0.00863 EPSS
Exploits 1 · References 4 · Affected Software 1

CNVD
added 2021/12/02 12:0 a.m. · 15 views

showdoc security feature issue vulnerability

showdoc is open source and a great tool for IT teams to share documents online. showdoc is vulnerable to a security feature issue that stems from the use of a cryptographically weak pseudo-random number generator (PRNG). No vulnerability details are currently available...

6.5 CVSS · 1.6 AI score · 0.00863 EPSS
Exploits 1 · References 1

Cvelist
added 2021/12/01 10:50 a.m. · 14 views

CVE-2021-3990 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)...

6.5 CVSS · 6.7 AI score · 0.00863 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2021/10/20 12:0 a.m. · 35 views

Debian DLA-2788-1 : strongswan - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2788 advisory. Researchers at the United States of America National Security Agency (NSA) identified a denial-of-service vulnerability in strongSwan, an IKE/IPsec suite. Once the in-memory...

7.5 CVSS · 7.9 AI score · 0.04804 EPSS
Exploits 0 · References 5