Internet Bug Bounty: Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen

A weak randomness vulnerability existed in WebCrypto keygen in Node.js 18, due to a change in EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. The vulnerability allowed for the possibility of non-cryptographically strong random data being used as keying material...

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

Apple’s passkeys attempt to solve the password problem

The recent Apple Worldwide Developers Conference WWDC revealed another teasing of what has been referred to as "the end of passwords forever". Passkeys are a "new biometric sign-in standard". Biometrics in security circles are used for things like identity cards, building access, and so on. This...

Debian DLA-2138-1 : wpa security update

Similar to CVE-2016-10743 the host access point daemon, hostapd, in EAP mode used a low quality pseudorandom number generator that leads to insufficient entropy. The problem was resolved by using the osgetrandom function which provides cryptographically strong pseudo random data. For Debian 8...

CVE-2019-10754

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...

Design/Logic Flaw

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

Server: Insufficiently random values

The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x. For...

Scientific Linux Security Update : openssl on SL5.x i386/x86_64

CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests DoS It was found that the OpenSSL library did not properly re-initialize its internal state in the SSLlibraryinit function after previous calls to the...

Protected Web Page Detection

The remote web server requires HTTP authentication for the following pages. Several authentication schemes are available : - Basic is the simplest, but the credentials are sent in cleartext. - NTLM provides an SSO in a Microsoft environment, but it cannot be used on both the proxy and the web...

RedHat Security Advisory RHSA-2009:1207

The remote host is missing updates to Netscape Portable Runtime NSPR and Network Security Services NSS announced in advisory RHSA-2009:1207. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7...

Critical: Red Hat Security Advisory: nspr and nss security update

Updated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime NSPR provides platform independence for...

CVE-2008-4107

The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...