14 matches found
CVE-2024-45723 goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...
CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
K15935: NTP vulnerability CVE-2014-9294
Security Advisory Description util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVE-2014-9294 Impact Theoretically, a remote attacker can determine a weak...
Design/Logic Flaw
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration...
Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM) (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298)
Summary There are multiple vulnerabilities in ntp that is used by IBM Flex System Manager. Vulnerability Details Summary There are multiple vulnerabilities in ntp that is used by IBM Flex System Manager. Vulnerability Details: CVE-ID: CVE-2014-9293 Description: Network Time Protocol NTP Project N...
Debian DLA-600-1 : libgcrypt11 security update
The crypto library libgcrypt11 has a weakness in the random number generator. CVE-2016-6313 Felix Drre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can...
F5 Networks BIG-IP : NTP vulnerability (SOL15935)
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Government Agencies Audit For Juniper Backdoor
Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...
CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
Design/Logic Flaw
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...