80 matches found
CVE-2022-26852
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...
CVE-2022-26852
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...
Code injection
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...
CVE-2022-26852
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...
CVE-2022-26852
Technical details about CVE-2022-26852 are not publicly provided in the supplied connected documents. Dell PowerScale OneFS versions 8.2.x-9.3.x are mentioned in the initial description, but no additional exploit specifics, impact, or remediation are given here. Monitor for updates.
CVE-2022-26852
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...
CVE-2020-28597
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...
Default credentials
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...
CVE-2020-28597
Epignosis EfrontPro 5.2.21 is affected by a password reset vulnerability where the reset token is generated from a predictable seed, enabling an attacker to reset passwords via the password-reset URL. Talos details show the hash is md5(reset_password_timestamp + login) and that the vulnerability ...
PT-2021-11567 · Epignosis · Epignosis Efrontpro
Name of the Vulnerable Software and Affected Versions: Epignosis EfrontPro version 5.2.21 Description: A predictable seed vulnerability exists in the password reset functionality. By predicting the seed, it is possible to generate the correct password reset 1-time token. An attacker can visit the...
CVE-2020-13784
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...
CVE-2020-13784
CVE-2020-13784 concerns the D-Link DIR-865L Ax router with firmware 1.20B01 Beta, where the pseudo-random number generator uses a predictable seed. The connected CNVD entry confirms a security feature issue vulnerability for the same device/firmware, citing the easily guessable PRNG seed as the u...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary A predictable seed vulnerability eixsts in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
CVE-2013-6386
Drupal 6.x before 6.29 and 7.x before 7.24 uses PHP mt_rand with predictable seeds, allowing remote attackers to predict security strings and bypass restrictions via brute force. Impact includes potential unauthorized access or bypass of protections as described in multiple advisories. Mitigation...
CVE-2012-0808
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...
CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
Design/Logic Flaw
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)
It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. CVE-2007-4782 Maksymilian Arciemowicz discovered a flaw in t...