3096 matches found

CVE
added 2024/10/15 10:5 a.m. · 50 views

CVE-2024-47945

The vulnerability CVE-2024-47945 affects the Rittal IoT Interface & CMC III Processing Unit (prior to version 6.21.00.2). Root cause: insufficient entropy in the session ID generation, with session IDs being predictable (only 32,768 per user) due to use of insecure rand() and missing srand(), so ...

9.8 CVSS · 9.3 AI score · 0.00856 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2024/10/15 10:5 a.m. · 13 views

CVE-2024-47945 Predictable Session ID

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

6.9 AI score · 0.00856 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/10/15 12:0 a.m. · 5 views

PT-2024-32907 · Rittal Gmbh & Co. Kg +1 · Iot Interface & Cmc Iii Processing Unit +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, wit...

9.8 CVSS · 7 AI score · 0.00856 EPSS
Exploits 1 · References 9
NVD
added 2024/10/12 2:15 p.m. · 33 views

CVE-2024-49193

Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the...

7.5 CVSS · 0.0068 EPSS
Exploits 0 · References 3
OSV
added 2024/10/09 8:29 p.m. · 7 views

GO-2024-3173 JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju

JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju...

8.7 CVSS · 8.6 AI score · 0.00501 EPSS
Exploits 1 · References 3
Veracode
added 2024/10/06 7:11 p.m. · 8 views

Use Of Uninitialized Variable

github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...

6.5 CVSS · 6.7 AI score · 0.00297 EPSS
Exploits 0 · References 14 · Affected Software 1
Github Security Blog
added 2024/10/03 4:49 p.m. · 16 views

JUJU_CONTEXT_ID is a predictable authentication secret

JUJU_CONTEXT_ID is the authentication measure on the unit hook tool abstract domain socket. It looks like JUJU_CONTEXT_ID=appname/0-update-status-6073989428498739633. This value looks fairly unpredictable, but due to the random source used, it is highly predictable. JUJU_CONTEXT_ID has the following...

8.7 CVSS · 6.6 AI score · 0.00501 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2024/10/02 11:15 a.m. · 3 views

CVE-2024-7558

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to t...

8 CVSS · 7.1 AI score · 0.00501 EPSS
Exploits 1 · References 2
CVE
added 2024/10/02 10:6 a.m. · 86 views

CVE-2024-7558

CVE-2024-7558 is described as a vulnerability where JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CO...

8.7 CVSS · 6.9 AI score · 0.00501 EPSS
Exploits 1 · References 2 · Affected Software 1
Amazon
added 2024/10/02 12:0 a.m. · 18 views

Medium: c-ares

Issue Overview: Insufficient randomness in generation of DNS query IDs. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from th...

6.5 CVSS · 7.2 AI score · 0.00897 EPSS
Exploits 0
Positive Technologies
added 2024/10/02 12:0 a.m. · 3 views

PT-2024-38418 · Canonical +1 · Juju +1

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51; juju versions prior to 3.1.10; juju versions prior to 3.3.7; juju versions prior to 3.4.6; juju versions prior to 3.5.4. Description: The JUJU CONTEXT ID is a predictable authentication secret. On a Juju machine or...

9.9 CVSS · 6.3 AI score · 0.97781 EPSS
Exploits 20 · References 142
Veracode
added 2024/09/27 5:51 a.m. · 8 views

Spoofing Attack

mellium.im/xmpp is vulnerable to Spoofing Attack. The vulnerability is due to the implementation of the Mellium XMPP library, which does not check the stanza type and allows the use of predictable IDs, leading to the possibility of response spoofing...

9.8 CVSS · 6.7 AI score · 0.00595 EPSS
Exploits 0 · References 5 · Affected Software 1
Ubuntu
added 2024/09/19 4:11 p.m. · 8 views

USN-7024-1: tgt vulnerability

It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical...

5.9 CVSS · 5.2 AI score · 0.00547 EPSS
Exploits 0
Packet Storm
added 2024/08/31 12:0 a.m. · 145 views

Novell EDirectory DHOST Predictable Session Cookie

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell eDirectory DHOST Predictable Session Cookie', 'Description' = %q This module is able to predict the next session cookie value issued by th...

7.5 CVSS · 7 AI score · 0.49583 EPSS
Exploits 3
CNVD
added 2024/08/29 12:0 a.m. · 6 views

FIWARE Keyrock Encryption Issue Vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

6.3 CVSS · 6.7 AI score · 0.00359 EPSS
Exploits 1 · References 1
OSV
added 2024/08/21 3:29 p.m. · 9 views

GO-2022-0912 Predictable SIF UUID Identifiers in github.com/sylabs/sif

Predictable SIF UUID Identifiers in github.com/sylabs/sif...

7.5 CVSS · 7.4 AI score · 0.00958 EPSS
Exploits 1 · References 4
NVD
added 2024/08/19 4:15 p.m. · 32 views

CVE-2024-6348

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

7.5 CVSS · 0.0041 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/08/19 3:12 p.m. · 23 views

CVE-2024-6348 Predictable seed generation after ECU reset

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

5.3 CVSS · 7 AI score · 0.0041 EPSS
Exploits 0 · References 1
CVE
added 2024/08/19 3:12 p.m. · 76 views

CVE-2024-6348

CVE-2024-6348 affects the Nissan Altima 2022 Blind Spot Protection Sensor ECU, specifically the UDS security access seed generation. The root cause is predictable seed generation, enabling an attacker to forecast the requested seeds and bypass security controls by repeatedly resetting the ECU and...

7.5 CVSS · 7 AI score · 0.0041 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/08/19 3:12 p.m. · 30 views

CVE-2024-6348 Predictable seed generation after ECU reset

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

5.3 CVSS · 0.0041 EPSS
Exploits 0 · References 1