10 matches found
CVE-2025-69217
A flaw was found in coturn. A remote attacker can exploit a predictable random number generator used for nonces and port randomization. By sending a series of unauthenticated requests, an attacker can reconstruct the random number generator's state, allowing them to predict future nonces and port...
CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
UBUNTU-CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
EUVD-2025-205680
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
CVE-2025-69217
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...
PT-2025-53832
Name of the Vulnerable Software and Affected Versions coturn versions 4.6.2r5 through 4.7.0-r4 Description coturn, a free open source implementation of TURN and STUN Server, contains a flaw related to its random number generator. Specifically, the random number generator for nonces and port...
Insecure Randomness
Overview Affected versions of this package are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in th...