Lucene search
K

5 matches found

Veracode
Veracode
added 2025/10/27 8:33 a.m.7 views

Predictable Random Number Generator (PRNG)

org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Use of a Predictable Random Number Generator PRNG. The vulnerability is due to the use of java.util.Random, a non-cryptographic PRNG, for initializing the AES256TextEncryptor password, which allows an attacker to predict the encryption k...

5.9CVSS6.6AI score0.00182EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/10/22 10:19 p.m.57 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS0.00182EPSS
Exploits0References2
OSV
OSV
added 2025/10/22 10:19 p.m.28 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS6.7AI score0.00182EPSS
Exploits0References4
CVE
CVE
added 2025/10/22 10:19 p.m.27 views

CVE-2025-62710

CVE-2025-62710 affects Sakai (Sakai kernel-impl) where EncryptionUtilityServiceImpl initializes an AES-256 text encryptor password (serverSecretKey) with RandomStringUtils backed by java.util.Random. The non-cryptographic PRNG can be predicted from limited state/seed information, reducing the sea...

5.9CVSS6.3AI score0.00182EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/22 7:41 p.m.11 views

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

5.9CVSS6.8AI score0.00182EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder