973 matches found
Design/Logic Flaw
PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand seed values an...
PasswordSafe 3.0 weak random number generator allows key recovery attack
Title: PasswordSafe 3.0 weak random number generator allows key recovery attack; Date: March 23, 2006; Product: PasswordSafe 3.0; Discovered by: ElcomSoft Co.Ltd. Overview: PasswordSafe is a program originally written by...
CVE-2005-4730
Technical details (affected versions, impact, exploit info, and remediation) for CVE-2005-4730 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2005-4730
Unspecified vulnerability in PEAR TextPassword 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds...
EGD detection
A random number generator is listening on the remote port. Description: The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random. SPDX-FileCopyrightText: 2005 Michel Arboi. Some text descriptions might be excerpted...
CVE-2005-3087
The vulnerability concerns the SecureW2 3.0 TLS implementation, where the pre‑master secret (PMS) is generated using weak random number generators (rand/srand from system time). This weak RNG makes it easier for an attacker to guess the PMS and decrypt sensitive data, as described in the CVE reco...
Entropy Gathering Daemon (EGD) Detection
The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description) script_id(18393); script_version("1.15")...
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
TITLE: MaraDNS Unspecified Random Number Generator...
CVE-2001-1467
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks...
CVE-2003-0900
Connected Nessus/NASL entries mention CVE-2003-0900 as a related random-seed-on-fork issue in the context of Ruby upgrades, noting that Ruby before 1.8.6-p114 does not reset the random seed on fork. Additional advisories (CVE-2011-300...
Debian DSA-152-1 : l2tpd - missing random seed
Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made it vulnerable since all generated random numbers were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes were able to be copied...
RHEL 2.1 : vnc (RHSA-2003:068)
Updated VNC packages are available to fix a weak cookie vulnerability. VNC is a tool for providing a remote graphical user interface. The VNC server acts as an X server, but the script for starting it generates an MIT X cookie which is used for X authentication without using a strong enough rando...
CVE-2003-0900
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers...
Multiple Citadel bugs
Weak PRNG, buffer overflows, DoS...
CVE-2002-0872
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions...
mkpasswd uses weak random number generator
Overview: Mkpasswd generates passwords that are insufficiently random. Description: Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict...
l2tpd < 0.68 Multiple Vulnerabilities
The remote host is running a version of l2tpd prior to 0.67. This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host. In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key value...
Weak pkzip encryption
Weak PRNG opens the possibility of recovering encrypted text with a known-plaintext attack using a minimal amount of known text...