413 matches found
ALPINE-CVE-2019-16910
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...
CVE-2019-16910
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...
Design/Logic Flaw
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...
UBUNTU-CVE-2019-16910
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...
PT-2019-14862
Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.19.0; Arm Mbed Crypto versions prior to 2.0.0. Description: The issue arises when deterministic ECDSA is enabled, and an RNG with insufficient entropy for blinding is used. This might allow an attacker to recover ...
Honeywell C300 Controller Module
Binary data 764871.prm...
Design/Logic Flaw
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic...
CVE-2019-1715
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic...
CVE-2019-1715
CVE-2019-1715 affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software. The issue is a low-entropy Deterministic Random Bit Generator (DRBG/PRNG) used for cryptographic key generation, which can allow an unauthenticated remote attacker to cause cryptographic collisions and pote...
DEBIAN-CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports ...
Design/Logic Flaw
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass a...
CVE-2018-15807
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass a...
CVE-2018-12520
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard...
Design/Logic Flaw
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard...
CVE-2018-12520
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard...
CVE-2018-12520
ntopng is affected by CVE-2018-12520: in versions prior to 3.4.180617, the PRNG used to generate session IDs is not seeded at startup, leading to deterministic session IDs and enabling a remote attacker to hijack user sessions. Public advisories (Ubuntu USN-4842-1, OSV entries) confirm the vulner...
CVE-2018-12520
Removed by vendor...
PT-2018-11228 · Ntop +1 · Ntopng +1
Name of the Vulnerable Software and Affected Versions: ntopng versions prior to 3.4.180617. Description: An issue was discovered where the pseudo-random number generator (PRNG) involved in generating session IDs is not seeded at program startup, resulting in deterministic session IDs for active user...
ntop-ng Authentication Bypass Vulnerability
Exploit for linux platform in category remote exploits. Vulnerability title: ntop-ng 3.4.180617 - Authentication Bypass; Author: Ioannis Profetis; Contact: me at x86.re; Vulnerable versions: 3.4.180617-4560; Fixed version: 3.4.180617; Link: ntop.org; Date: 2.07.2018; CVE-2018-12520. Product Details: ntopng...
NVIDIA SHIELD TV Security Engine Deterministic Random Bit Generator Information Disclosure Vulnerability
NVIDIA SHIELD TV is a gaming console device from NVIDIA. Security Engine is one of the security engines. Deterministic Random Bit Generator (DRBG) is one of the... A security vulnerability exists in DRBG of Security Engine in NVIDIA SHIELD TV SE 6.2 and prior versions, which arises from the program...