26 matches found
CVE-2025-43866
Vantage6 Server JWT secret not cryptographically secure: the auto-generated key uses UUID1, which is partially predictable. This exposes potential forgery of security tokens. The issue is fixed in version 4.11.0; upgrading to 4.11.0+ or defining a custom JWT secret in configuration mitigates the ...
CVE-2023-4489
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access...
FusionCMS (FusionGen) Takeover account - Predictable Key and Password Generation in Password Recovery Feature
Description It was discovered that the password recovery feature on the website is vulnerable to predictable key and password generation. An attacker is able to predict the key used in the password recovery process and the generated password itself by using a specific PHP command and the user's...
Dell RSA BSAFE Crypto-J Encryption Issue Vulnerability
Dell RSA BSAFE Crypto-J is RSA's FIPS-validated Java cryptographic module. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5. An attacker could exploit this vulnerability to force both parties to compute the same predictable shared key...
CVE-2019-0729
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'...
MatrixSSL < 3.8.7 Cryptographic Vulnerability
MatrixSSL is prone to a vulnerability in the modular exponentiation function. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...