
11 matches found

Vulnrichment
added 2026/02/04 8:25 a.m. | 3 views

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5.5 | EPSS 0.0025
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/04 12:0 a.m. | 4 views

PT-2026-6019

Name of the Vulnerable Software and Affected Versions Extended Random Number Generator versions prior to 1.2 Description The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output...

CVSS 4.4 | AI score 5.6 | EPSS 0.0025
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-4122

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02069
Exploits: 0 | References: 5

Schneier on Security
added 2017/12/28 12:30 p.m. | 54 views

The "Extended Random" Feature in the BSAFE Crypto Library

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUALECPRNG random number generator to weaken TLS...

AI score 6.9
Exploits: 0

NVD
added 2014/06/17 3:55 p.m. | 17 views

CVE-2014-4193

The TLS implementation in EMC RSA BSAFE-Java Toolkits aka Share for Java supports the Extended Random extension during use of the DualECDRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than...

CVSS 5 | AI score 6.1 | EPSS 0.02069
Exploits: 0 | References: 3

CVE
added 2014/06/17 3:0 p.m. | 51 views

CVE-2014-4193

CVE-2014-4193 concerns the TLS implementation in EMC RSA BSAFE-Java Toolkits (Share for Java). The vulnerability arises from the TLS stack using the Extended Random extension while Dual_EC_DRBG is in use, which can allow an observer to recover enough state to obtain plaintext from TLS sessions b...

CVSS 5 | AI score 9 | EPSS 0.02069
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/06/17 3:0 p.m. | 21 views

CVE-2014-4193

The TLS implementation in EMC RSA BSAFE-Java Toolkits aka Share for Java supports the Extended Random extension during use of the DualECDRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than...

AI score 6.1 | EPSS 0.02069
Exploits: 0 | References: 3

ThreatPost
added 2014/04/02 11:38 a.m. | 10 views

Matthew Green on the NSA and Crypto Backdoors

Dennis Fisher talks with Matthew Green of Johns Hopkins University about the paper he co-authored on the Extended Random extension for Dual EC DRBG and whether it could be considered a backdoor. Download: digitalunderground149.mp3...

AI score 1.9
Exploits: 0 | References: 2

ThreatPost
added 2014/04/01 12:56 p.m. | 14 views

Extended Random Extension Made Cracking BSAFE Trivial

UPDATE: Known theoretical attacks against TLS using the troubled Dual EC random number generator— something an intelligence agency might try its hand at—are in reality a bit more challenging than we’ve been led to believe. The addition of the Extended Random extension to RSA Security’s BSAFE...

AI score 7
Exploits: 0 | References: 2

ThreatPost
added 2014/03/31 3:59 p.m. | 36 views

Second NSA Crypto Tool Found in RSA BSafe

A team of academics released a study on the maligned Dual EC DRBG algorithm used in RSA Security’s BSafe and other cryptographic libraries that includes new evidence that the National Security Agency used a second cryptographic tool alongside Dual EC DRBG in Bsafe to facilitate spying. Allegation...

CVSS 1.9 | AI score 0.1 | EPSS 0.00942
Exploits: 1 | References: 6

The Hacker News
added 2014/03/31 7:0 a.m. | 10 views

NOT JUST ONE! RSA adopted Two NSA Backdoored Encryption Tools

The respected encryption and network security company RSA Security now a division of EMC, whose respect was already on stack after revelation by former NSA contractor Edward Snowden revealed that the NSA created a flawed random number generation system DualECDRBG, Dual Elliptic Curve, which the...

AI score 6.9
Exploits: 0