Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG seeded with predictable values in the secretkey and hashidsalt. An attacker can gain unauthorized access to any user account, including administrators, by brute-forcing t...

EUVD-2019-0451

Malware in sbrugna...

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

CVE-2023-4472 Cryptographically weak PRNG in Opinio 7.22

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator PRNG coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application...

Design/Logic Flaw

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVE-2023-2884

CVE-2023-2884 concerns CBOT Chatbot’s cryptographically weak PRNG and insufficiently random values, enabling signature spoofing by key recreation. Public details indicate affected components: Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability resides in the randomness used for ...

GHSA-P4CC-W597-6CPM Cryptographically weak PRNG in `utils.generateUUID`

In Brief utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and potentially earlier used a cryptographically insecure Pseudo-random number generator Math.random, which meant that a specially crafted script combined with multiple invocations...

CVE-2021-3990

Technical details (affected versions, root cause specifics, and fixes) for CVE-2021-3990 are not publicly available in the provided connected documents. Monitor for updates from vendors and vulnerability databases.

CVE-2021-3678 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG...

GHSA-6QQF-VVCR-7QRV Cryptographically Weak PRNG in generate-password

Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords. Recommendation Update to version 1.4.1 or later...

Cryptographically Weak PRNG in randomatic

Affected versions of randomatic generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended. Recommendation Update to version 3.0.0 or later...