Lucene search
K

42 matches found

Snyk
Snyk
added 2025/06/23 10:42 p.m.2 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the toBuffer function. An attacker can predict cryptographic keys that were generated using Uint8Array inputs on affected Node.js versions, leading to compromised security of derived...

9.1CVSS6.8AI score0.00387EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/23 10:41 p.m.3 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the pbkdf2Sync method. An attacker can obtain predictable or uninitialized memory as a cryptographic key when key derivation is used with unsupported or non-normalized algorithm names...

9.1CVSS6.8AI score0.00359EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.5 views

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

5.5CVSS6.9AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.7 views

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...

7.5CVSS7AI score0.01385EPSS
Exploits0
Veracode
Veracode
added 2024/10/06 7:11 p.m.10 views

Use Of Uninitialized Variable

github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...

6.5CVSS6.7AI score0.00297EPSS
Exploits0References14Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/12 12:15 p.m.3 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

6.5CVSS6.6AI score0.00263EPSS
Exploits0References5
Prion
Prion
added 2023/09/12 12:15 p.m.25 views

Hardcoded credentials

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

6.4CVSS6.5AI score0.00263EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.4 views

PT-2023-20985 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1 Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...

6.5CVSS6.3AI score0.00263EPSS
Exploits0References8
NVD
NVD
added 2021/06/01 1:15 p.m.36 views

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

5.5CVSS0.00255EPSS
Exploits0References1
Prion
Prion
added 2021/06/01 1:15 p.m.28 views

Code injection

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

2.1CVSS5.5AI score0.00255EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/18 12:0 a.m.261 views

Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability

The remote device is running a software version known to be affected by an OpenSSL related vulnerability. The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable...

7.4CVSS7.3AI score0.95326EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2014/06/05 12:0 a.m.1251 views

OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability

The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle MiTM attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...

7.4CVSS8.3AI score0.99977EPSS
Exploits14References10
GithubExploit
GithubExploit
added 2013/09/22 9:20 p.m.32 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

Debian OpenSSL Predictable PRNG - - - Links Original UR...

7.8CVSS7.3AI score0.70721EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2012/09/19 5:33 p.m.8 views

cumin: weak session keys

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

5.8CVSS5.8AI score0.02203EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2012/08/16 12:0 a.m.4 views

PT-2012-4445 · Tridium · Tridium Niagara Ax Framework

Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.8 is not mentioned, however, it is mentioned that versions through 3.6 are affected. Therefore: Tridium Niagara AX Framework versions through 3.6 Description: The issue is related to the use of...

5CVSS6.4AI score0.02198EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/10/19 10:0 a.m.19 views

CVE-2003-1391

RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase...

6.5AI score0.00697EPSS
Exploits0References3
CVE
CVE
added 2007/10/19 10:0 a.m.39 views

CVE-2003-1391

The provided data identifies CVE-2003-1391 affecting RTS CryptoBuddy 1.0 and 1.2, where a weak encryption algorithm for the passphrase and generation of predictable keys are cited as the underlying flaws, making passphrase guesses easier. The CVSS metrics indicate a high-severity, network-attack ...

7.5CVSS6.9AI score0.00697EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2003/12/31 5:0 a.m.16 views

CVE-2003-1391

RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase...

7.5CVSS6.5AI score0.00697EPSS
Exploits0References3
CERT
CERT
added 2001/08/10 12:0 a.m.24 views

Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random

Overview Under certain circumstances, PGP v5.0 generates keys that are not sufficiently random, which may allow an attacker to predict keys and, hence, recover information encrypted with that key. Description Generating Randomness in PGP Keys In order to generate cryptographically secure keys, PG...

2.1CVSS6.2AI score0.00413EPSS
Exploits0References2
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.20 views

CVE-2000-0445

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys...

6.7AI score0.00413EPSS
Exploits0References4
Rows per page
Query Builder