4 matches found
CVE-2026-47831 Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
CVE-2026-47831
The vulnerability affects bosh-windows-stemcell-builder. The GenerateRandomPassword function uses a cryptographically weak RNG, enabling a remote attacker to brute-force SSH logins over TCP/22. Affected versions are prior to v2019.98. Mitigation: upgrade to v2019.98 or later. CVSS metrics indicat...
EUVD-2026-42517
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
CVE-2026-47830
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...