
973 matches found

Prion
added 2006/03/24 2:2 a.m. | 14 views

Design/Logic Flaw

PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand seed values an...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00319
Exploits: 1 | References: 5 | Affected Software: 1

securityvulns
added 2006/03/24 12:0 a.m. | 31 views

PasswordSafe 3.0 weak random number generator allows key recovery attack

Title: PasswordSafe 3.0 weak random number generator allows key recovery attack. Date: March 23, 2006. Product: PasswordSafe 3.0. Discovered by: ElcomSoft Co.Ltd. Overview: PasswordSafe is a program originally written by...

AI score: 0.4
Exploits: 0

CVE
added 2006/03/14 7:0 p.m. | 40 views

CVE-2005-4730

Technical details (affected versions, impact, exploit info, and remediation) for CVE-2005-4730 are not publicly provided in the supplied documents. Monitor for updates.

CVSS: 10 | AI score: 7 | EPSS: 0.01379
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2006/03/14 7:0 p.m. | 17 views

CVE-2005-4730

Unspecified vulnerability in PEAR TextPassword 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds...

AI score: 6.6 | EPSS: 0.01379
Exploits: 0 | References: 2

NVD
added 2005/12/31 5:0 a.m. | 16 views

CVE-2005-4730

Unspecified vulnerability in PEAR TextPassword 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds...

CVSS: 10 | AI score: 6.6 | EPSS: 0.01379
Exploits: 0 | References: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 33 views

EGD detection

A random number generator is listening on the remote port. Description: The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random. SPDX-FileCopyrightText: 2005 Michel Arboi. Some text descriptions might be excerpted...

AI score: 7
Exploits: 0 | References: 1

CVE
added 2005/09/27 4:0 a.m. | 59 views

CVE-2005-3087

The vulnerability concerns the SecureW2 3.0 TLS implementation, where the pre‑master secret (PMS) is generated using weak random number generators (rand/srand from system time). This weak RNG makes it easier for an attacker to guess the PMS and decrypt sensitive data, as described in the CVE reco...

CVSS: 5 | AI score: 6.8 | EPSS: 0.00989
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2005/05/29 12:0 a.m. | 19 views

Entropy Gathering Daemon (EGD) Detection

The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random...

AI score: 5.5
Exploits: 0 | References: 1

securityvulns
added 2005/05/04 12:0 a.m. | 23 views

[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability

TITLE: MaraDNS Unspecified Random Number Generator...

AI score: 0.5
Exploits: 0

Cvelist
added 2005/04/21 4:0 a.m. | 19 views

CVE-2001-1467

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks...

AI score: 6.7 | EPSS: 0.02612
Exploits: 0 | References: 6

CVE
added 2005/04/14 4:0 a.m. | 83 views

CVE-2003-0900

Connected Nessus/NASL entries show that CVE-2003-0900 is mentioned as a related random-seed-for-fork issue in the context of Ruby upgrades, specifically noting that Ruby before 1.8.6-p114 does not reset the random seed on fork, a related issue to CVE-2003-0900. Additional advisories (CVE-2011-300...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0124
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2004/09/29 12:0 a.m. | 25 views

Debian DSA-152-1 : l2tpd - missing random seed

Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made it vulnerable since all generated random numbers were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes were able to be copied...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.01612
Exploits: 0 | References: 3

Tenable Nessus
added 2004/07/06 12:0 a.m. | 38 views

RHEL 2.1 : vnc (RHSA-2003:068)

Updated VNC packages are available to fix a weak cookie vulnerability. VNC is a tool for providing a remote graphical user interface. The VNC server acts as an X server, but the script for starting it generates an MIT X cookie which is used for X authentication without using a strong enough rando...

CVSS: 5 | AI score: 5.5 | EPSS: 0.01808
Exploits: 0 | References: 3

OSV
added 2003/12/31 5:0 a.m. | 6 views

CVE-2003-0900

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers...

AI score: 6.2
Exploits: 0 | References: 1

NVD
added 2003/12/31 5:0 a.m. | 25 views

CVE-2003-0900

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers...

CVSS: 5 | AI score: 6.2 | EPSS: 0.0124
Exploits: 0 | References: 1

securityvulns
added 2003/07/16 12:0 a.m. | 25 views

Multiple Citadel bugs

Weak PRNG, buffer overflows, DoS...

AI score: 2.8
Exploits: 0 | References: 1

Cvelist
added 2003/04/02 5:0 a.m. | 30 views

CVE-2002-0872

l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions...

AI score: 6.5 | EPSS: 0.01612
Exploits: 0 | References: 3

CERT
added 2003/04/02 12:0 a.m. | 23 views

mkpasswd uses weak random number generator

Overview: Mkpasswd generates passwords that are insufficiently random. Description: Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict...

AI score: 7
Exploits: 0 | References: 3

Tenable Nessus
added 2003/03/14 12:0 a.m. | 30 views

l2tpd < 0.68 Multiple Vulnerabilities

The remote host is running a version of l2tpd prior to 0.67. This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host. In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key value...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.01612
Exploits: 0 | References: 2

securityvulns
added 2003/02/08 12:0 a.m. | 32 views

Weak pkzip encryption

Weak PRNG opens the possibility of recovering encrypted text with a known-plaintext attack using a minimal amount of known text...

AI score: 1.9
Exploits: 0 | References: 1 | Affected Software: 1