2 matches found
Insecure Random Number Generation
akka-remote is vulnerable to insecure random number generation. When a custom random number generator is configured, if the AES128CounterSecureRNG and AES256CounterSecureRNG are enabled, a malicious user can easily guess the random number used during encryption and possibly eavesdrop onto ongoing...
CVE-2018-16115
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...