2 matches found
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...
CVE-2021-36171
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...