17 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-34871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number...
OESA-2025-2654 bind security update
Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: Under...
CVE-2025-62710
CVE-2025-62710 affects Sakai (Sakai kernel-impl) where EncryptionUtilityServiceImpl initializes an AES-256 text encryptor password (serverSecretKey) with RandomStringUtils backed by java.util.Random. The non-cryptographic PRNG can be predicted from limited state/seed information, reducing the sea...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...
Weak Pseudo-Random Number Generator
chilkat is vulnerable to the Use Of Cryptographically Weak Pseudo-Random Number Generator PRNG. The vulnerability is due to the predictable nature of the Pseudo-Random Number Generator PRNG utilized in the ChilkatRand::randomBytes function, allowing attackers to obtain sensitive information...
libgcrypt security update
1.5.3-13.1 - fix CVE-2016-6313 - predictable PRNG output 1366105 1.5.3-13 - touch only urandom in the selftest and when /dev/random is unavailable for example by SELinux confinement - fix the RSA selftest key p q swap...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit to the exploit-vulnerability warning-the black bar safety net
From su bun's blog Very early on saw through this vulnerability, but since Y is a bruteforce, just don't be too concerned about yesterday and a friend chat to this vulnerability, look carefully at the next, hazard is still quite large, although the need for certain conditions before they can be...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)
No description provided by source. !/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)
Exploit for linux platform in category remote exploits =============================================================== Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit Python =============================================================== !/bin/python This program is free software; you can...
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
!/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This program is distributed in the hope that i...
OpenSSL 0.9.8c-1 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)
OpenSSL 0.9.8c-1 0.9.8g-9 Debian and Derivatives - Predictable PRNG Brute Force SSH Python !/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)
!/usr/bin/ruby Debian SSH Key Tester L4teral This tool helps to find user accounts with weak SSH keys that should be regenerated with an unaffected version of openssl. You will need the precalculated keys provided by HD Moore See http://metasploit.com/users/hdm/tools/debian-openssl/ for further...
OpenSSL 0.9.8c-1 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)
OpenSSL 0.9.8c-1 0.9.8g-9 Debian and Derivatives - Predictable PRNG Brute Force SSH Ruby !/usr/bin/ruby Debian SSH Key Tester L4teral This tool helps to find user accounts with weak SSH keys that should be regenerated with an unaffected version of openssl. You will need the precalculated keys...
OpenSSL 0.9.8c-1 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)
OpenSSL 0.9.8c-1 0.9.8g-9 Debian and Derivatives - Predictable PRNG Brute Force SSH Perl the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit
Exploit for multiple platform in category remote exploits ====================================================== Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit ====================================================== the debian openssl issue leads that there are only 65.536 possible ssh key...
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a key...