246 matches found

Github Security Blog
added 2022/05/17 3:46 a.m., 18 views

SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

5.8 CVSS, 6.8 AI score, 0.00432 EPSS
Exploits 0, References 12, Affected Software 1
Cvelist
added 2022/05/16 5:25 a.m., 10 views

CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

7.8 AI score, 0.00316 EPSS
Exploits 0, References 2
CNNVD
added 2022/05/16 12:0 a.m., 1 views

Openmoney API Security Feature Issue Vulnerability

The Openmoney API is a domain-driven model consisting of supervisors, namespaces, currencies, accounts, and journals. A security vulnerability exists in the Openmoney API that stems from the use of the JavaScript Math.random function, which does not provide cryptographically secure random numbers...

7.5 CVSS, 7.3 AI score, 0.00316 EPSS
Exploits 0, References 3
OSV
added 2022/05/05 12:29 a.m., 22 views

GHSA-Q4V3-WMM6-HCRX pyrad is vulnerable to the use of Insufficiently Random Values

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

8.2 CVSS, 4.5 AI score, 0.01772 EPSS
Exploits 0, References 11
Github Security Blog
added 2022/05/05 12:29 a.m., 17 views

pyrad is vulnerable to the use of Insufficiently Random Values

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9 CVSS, 6.2 AI score, 0.01772 EPSS
Exploits 0, References 11, Affected Software 1
Huntr
added 2021/07/03 3:30 p.m., 13 views

in beestat/app

✍️ Description The random number generator implemented by mt_rand cannot withstand a cryptographic attack. In this case the function that generates weak random numbers is mt_rand in user.php at line 58. 🕵️‍♂️ Proof of Concept Vulnerable Code / Create an anonymous user so we can log in and have access...

0.8 AI score
Exploits 0, References 1
Huntr
added 2021/06/28 7:38 p.m., 3 views

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.4 AI score
Exploits 0, References 1
Huntr
added 2021/06/20 4:26 p.m., 10 views

in phpservermon/phpservermon

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.5 AI score
Exploits 0, References 2
OSV
added 2021/05/18 9:9 p.m., 28 views

GHSA-44R7-7P62-Q3FR miekg/dns insecurely generates random numbers

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits 1, References 9
OSV
added 2020/08/03 5:15 p.m., 13 views

CVE-2020-16271

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection...

9.1 CVSS, 6.8 AI score
Exploits 0, References 2
Prion
added 2020/08/03 5:15 p.m., 11 views

Design/Logic Flaw

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection...

6.4 CVSS, 8.8 AI score, 0.00372 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2020/08/03 4:19 p.m., 10 views

CVE-2020-16271

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection...

9 AI score, 0.00372 EPSS
Exploits 1, References 2
CNVD
added 2020/06/24 12:0 a.m., 2 views

IBM Security Guardium Security Feature Issue Vulnerability

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium versions 10.6...

5.3 CVSS, 6.8 AI score, 0.00284 EPSS
Exploits 0, References 1
Prion
added 2020/03/16 4:15 p.m., 9 views

Code injection

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man-in-the-middle attackers to reuse encrypted user credentials sent over the network...

5.8 CVSS, 7.3 AI score, 0.00264 EPSS
Exploits 0, References 2, Affected Software 2
NVD
added 2020/01/28 4:15 p.m., 15 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9 CVSS, 4.7 AI score, 0.01772 EPSS
Exploits 0, References 8
UbuntuCve
added 2020/01/28 4:15 p.m., 23 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9 CVSS, 6 AI score, 0.01772 EPSS
Exploits 0, References 2
Prion
added 2020/01/28 4:15 p.m., 13 views

Information disclosure

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

4.3 CVSS, 4.3 AI score, 0.01772 EPSS
Exploits 0, References 8, Affected Software 2
Cvelist
added 2020/01/28 3:53 p.m., 20 views

CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

4.6 AI score, 0.01772 EPSS
Exploits 0, References 8
CVE
added 2020/01/28 3:53 p.m., 62 views

CVE-2013-0294

CVE-2013-0294 affects the pyrad library: packet.py before version 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, enabling easier brute-force access to sensitive data. The vulnerability is in the random/entropy source used for authenticators and password hashing...

5.9 CVSS, 4.5 AI score, 0.01772 EPSS
Exploits 0, References 8, Affected Software 1
CNVD
added 2019/12/16 12:0 a.m., 0 views

Unspecified vulnerability in miekg Go DNS package

miekg Go DNS package is a DNS server software package. A security vulnerability exists in miekg Go DNS package versions prior to 1.1.25 used in CoreDNS versions prior to 1.6.6 and other products, which stems from the program not properly generating random numbers. An attacker can exploit the...

5.9 CVSS, 9 AI score, 0.00297 EPSS
Exploits 1, References 1