GHSA-848F-MPH5-9PM9 Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, ZendCaptchaWord v1 and Zend\Captcha\Word v2 generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal arrayrand function. This function does not generate...

ZendFramework1 Potential Insufficient Entropy Vulnerability

We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: ZendLdapAttribute::createPassword ZendFormElementHash::generateHash ZendGdataHttpClient::filterHttpRequest...

GHSA-8XHV-GQM4-3W99 ZendFramework1 Potential Insufficient Entropy Vulnerability

We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: ZendLdapAttribute::createPassword ZendFormElementHash::generateHash ZendGdataHttpClient::filterHttpRequest...

GHSA-MG4X-PRH7-G4MX Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, ZendCaptchaWord v1 and Zend\Captcha\Word v2 generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal arrayrand function. This function does not generate...

Use Of Cryptographically Weak Pseudo-Random Number Generator

stormpath/sdk is vulnerable to Use Of Cryptographically Weak Pseudo-Random Number Generator. This vulnerability is due to an insecure generation of UUID version 4...

FOSUserBundle Entropy is lost in the TokenGenerator

Description Because of the usage of baseconvert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...

Observable Timing Discrepancy

1Panel is vulnerable to Observable Timing Discrepancy. The vulnerability is due to the use of != for comparisons of cryptographically sensitive password verification operations, rather than hmac.Equal. This can lead to timing attack vulnerability...

CVE-2023-4472 Cryptographically weak PRNG in Opinio 7.22

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator PRNG coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application...

PT-2024-13199 · Objectplanet · Objectplanet Opinio

Name of the Vulnerable Software and Affected Versions: Objectplanet Opinio versions 7.22 and prior Description: The issue is related to the use of a cryptographically weak pseudo-random number generator PRNG coupled to a predictable seed, which could lead to an unauthenticated account takeover of...

GHSA-82VR-5769-6358 Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification

Impact The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller, or delete/erase it. Consent reque...

Weak 2FA Code Generation

Fides is vulnerable to Weak Code Generation. The vulnerability is due to the usage of the python random module used for generating one time codes in the Privacy and Consent request process which is considered to be a cryptographically weak pseudo-random number generator. This issue allows an...

Arbitrary file deletion

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller use...

CVE-2023-48224 Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller use...

CVE-2023-36993

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts...

JetBrains TeamCity 日志信息泄露漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A logging information disclosure vulnerability exists ...

AZL-26870 CVE-2023-31147 affecting package fluent-bit for versions less than 2.1.10-1

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

CVE-2023-2884

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

Design/Logic Flaw

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVE-2023-2884

CVE-2023-2884 concerns CBOT Chatbot’s cryptographically weak PRNG and insufficiently random values, enabling signature spoofing by key recreation. Public details indicate affected components: Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability resides in the randomness used for ...

CVE-2023-2884 Insecure Randomness in CBOT's Chatbot

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...