4 matches found
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...
Insecure Random Number Generation
zeppelin is vulnerable to insecure random number generation. It is insecure because it generates predictable random numbers using java.util.Random rather than using a cryptographically secure random number generator...
CVE-2006-6969
Jetty (versions: before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, 6.1 before 6.1.0pre3) uses java.util.Random to generate session IDs. This leads to predictable session identifiers that remote attackers could brute-force to guess sessions, potentially bypass authentication and enable cross-sit...
Jetty predictable random session ID vulnerability
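Jetty is a popular Java web server. A vulnerability exists in Jetty's implementation of random session ID generation; remote attackers may exploit this vulnerability to gain unauthorized access. Jetty uses java.util.Random to generate session IDs. java.util.Random implements a linear congruential random number generator of the following form: synchronized protected int next(int bits) { seed = (seed * 0x5DEECE66DL + 0xBL) & ((1L << 48) - 1); return (int)(seed >>> (48 - bits));...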