42 matches found
Generation of Predictable Numbers or Identifiers
Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the toBuffer function. An attacker can predict cryptographic keys that were generated using Uint8Array inputs on affected Node.js versions, leading to compromised security of derived...
Generation of Predictable Numbers or Identifiers
Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the pbkdf2Sync method. An attacker can obtain predictable or uninitialized memory as a cryptographic key when key derivation is used with unsupported or non-normalized algorithm names...
CVE-2021-23020
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...
CVE-2020-26107
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys SEC-561...
Use Of Uninitialized Variable
github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...
CVE-2023-27169
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...
Hardcoded credentials
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...
PT-2023-20985 · Xpand It · Xpand It Write-Back Manager
Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1 Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...
CVE-2021-23020
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...
Code injection
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...
Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
The remote device is running a software version known to be affected by an OpenSSL related vulnerability. The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable...
OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability
The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle MiTM attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
Debian OpenSSL Predictable PRNG - - - Links Original UR...
cumin: weak session keys
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
PT-2012-4445 · Tridium · Tridium Niagara Ax Framework
Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.8 is not mentioned, however, it is mentioned that versions through 3.6 are affected. Therefore: Tridium Niagara AX Framework versions through 3.6 Description: The issue is related to the use of...
CVE-2003-1391
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase...
CVE-2003-1391
The provided data identifies CVE-2003-1391 affecting RTS CryptoBuddy 1.0 and 1.2, where a weak encryption algorithm for the passphrase and generation of predictable keys are cited as the underlying flaws, making passphrase guesses easier. The CVSS metrics indicate a high-severity, network-attack ...
CVE-2003-1391
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase...
Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random
Overview Under certain circumstances, PGP v5.0 generates keys that are not sufficiently random, which may allow an attacker to predict keys and, hence, recover information encrypted with that key. Description Generating Randomness in PGP Keys In order to generate cryptographically secure keys, PG...
CVE-2000-0445
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys...