CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-63QG-58C5-WRFF
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data//collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
{
"affected": [],
"aliases": [
"CVE-2017-16924"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-19T04:29:00Z",
"severity": "CRITICAL"
},
"details": "Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/\u003cclient_id\u003e/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.",
"id": "GHSA-63qg-58c5-wrff",
"modified": "2022-05-13T01:44:13Z",
"published": "2022-05-13T01:44:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16924"
},
{
"type": "WEB",
"url": "https://github.com/snoonan77/security-research/blob/master/CVE-2017-16924"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/desktop-management-msp/password-encryption-policy-violation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63V9-V58H-69GM
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:04Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
{
"affected": [],
"aliases": [
"CVE-2019-2294"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-30T16:15:00Z",
"severity": "CRITICAL"
},
"details": "Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130",
"id": "GHSA-63v9-v58h-69gm",
"modified": "2024-04-04T02:04:17Z",
"published": "2022-05-24T16:57:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2294"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-64QF-4R7V-W6J5
Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2022-11-21 15:30A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device.
{
"affected": [],
"aliases": [
"CVE-2022-20941"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-331",
"CWE-334"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T21:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device.",
"id": "GHSA-64qf-4r7v-w6j5",
"modified": "2022-11-21T15:30:21Z",
"published": "2022-11-16T12:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20941"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-info-disc-UghNRRhP"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-info-disc-UghNRRhP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-69CG-852P-W88R
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:10The token generator in index.php in Centreon Web before 2.8.27 is predictable.
{
"affected": [],
"aliases": [
"CVE-2019-17105"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-08T15:15:00Z",
"severity": "MODERATE"
},
"details": "The token generator in index.php in Centreon Web before 2.8.27 is predictable.",
"id": "GHSA-69cg-852p-w88r",
"modified": "2024-04-04T02:10:08Z",
"published": "2022-05-24T16:58:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17105"
},
{
"type": "WEB",
"url": "https://github.com/centreon/centreon/pull/7100"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2019/10/08/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-69FX-MVCM-V5G3
Vulnerability from github – Published: 2026-02-24 18:31 – Updated: 2026-02-24 18:31Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.
{
"affected": [],
"aliases": [
"CVE-2026-27515"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T16:24:08Z",
"severity": "CRITICAL"
},
"details": "Binardat 10G08-0800GSM network switch firmware versions prior to\u00a0V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.",
"id": "GHSA-69fx-mvcm-v5g3",
"modified": "2026-02-24T18:31:02Z",
"published": "2026-02-24T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27515"
},
{
"type": "WEB",
"url": "https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-predictable-session-identifiers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-69JW-4JJ8-FCXM
Vulnerability from github – Published: 2025-12-02 17:55 – Updated: 2025-12-02 17:55In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed.
This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.
Impact
This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the -s option). Keys/secrets generated just from the master password (without the -s option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes:
- keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes was used
- a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password
Patches
The code logic bug has been fixed in gokey version 0.2.0 and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now.
System secret rotation guidance
It is advised for users to regenerate passwords/secrets using the patched version of gokey (0.2.0 and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below.
Systems that do not require the old password/secret for rotation
Such systems usually have a "Forgot password" facility or a similar facility allowing users to rotate their password/secrets by sending a unique "magic" link to the user's email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system.
Systems that require the old password/secret for rotation
Such systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to:
- temporarily download gokey version
0.1.3for their respective operating system to recover the old password - use gokey version
0.2.0or above to generate the new password - populate the system provided password rotation form
Systems that allow multiple credentials for the same account to be provisioned
Such systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to:
- generate a new secret/key/credential using gokey version
0.2.0or above - provision the new secret/key/credential in addition to the existing credential on the system
- verify that the access or required system operation is still possible with the new secret/key/credential
- revoke authorization for the existing/old credential from the system
Credit
This vulnerability was found by Théo Cusnir (@mister_mime) and responsibly disclosed through Cloudflare's bug bounty program.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/gokey"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-13353"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T17:55:54Z",
"nvd_published_at": "2025-12-02T11:15:47Z",
"severity": "HIGH"
},
"details": "In gokey versions `\u003c0.2.0`, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed.\n\nThis issue has been fixed in gokey version `0.2.0`. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the `-s` option). Even if the input seed file stays the same, version `0.2.0` gokey will generate different secrets.\n\n### Impact\n\nThis vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the `-s` option). Keys/secrets generated just from the master password (without the `-s` option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes:\n\n* keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy input), where in vulnerable versions only 28 bytes was used \n* a malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password\n\n### Patches\n\nThe code logic bug has been fixed in gokey version `0.2.0` and above. Due to the deterministic nature of gokey, fixed versions will produce different passwords/secrets using seed files, as all seed entropy will be used now.\n\n### System secret rotation guidance\n\nIt is advised for users to regenerate passwords/secrets using the patched version of gokey (`0.2.0` and above), and provision/rotate these secrets into respective systems in place of the old secret. A specific rotation procedure is system-dependent, but most common patterns are described below.\n\n#### Systems that do not require the old password/secret for rotation\n\nSuch systems usually have a \"Forgot password\" facility or a similar facility allowing users to rotate their password/secrets by sending a unique \"magic\" link to the user\u0027s email or phone. In such cases users are advised to use this facility and input the newly generated password secret, when prompted by the system.\n\n#### Systems that require the old password/secret for rotation\n\nSuch systems usually have a modal password rotation window usually in the user settings section requiring the user to input the old and the new password sometimes with a confirmation. To generate/recover the old password in such cases users are advised to:\n\n* temporarily download [gokey version `0.1.3`](https://github.com/cloudflare/gokey/releases/tag/v0.1.3) for their respective operating system to recover the old password \n* use gokey version `0.2.0` or above to generate the new password \n* populate the system provided password rotation form\n\n#### Systems that allow multiple credentials for the same account to be provisioned\n\nSuch systems usually require a secret or a cryptographic key as a credential for access, but allow several credentials at the same time. One example is SSH: a particular user may have several authorized public keys configured on the SSH server for access. For such systems users are advised to:\n\n* generate a new secret/key/credential using gokey version `0.2.0` or above \n* provision the new secret/key/credential in addition to the existing credential on the system \n* verify that the access or required system operation is still possible with the new secret/key/credential \n* revoke authorization for the existing/old credential from the system\n\n### Credit\n\nThis vulnerability was found by Th\u00e9o Cusnir ([@mister_mime](https://hackerone.com/mister_mime?type=user)) and responsibly disclosed through Cloudflare\u0027s bug bounty program.",
"id": "GHSA-69jw-4jj8-fcxm",
"modified": "2025-12-02T17:55:54Z",
"published": "2025-12-02T17:55:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13353"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/gokey/commit/f261819e99ea169843bd5aa3e643d046260ff511"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/gokey"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "gokey allows secret recovery from a seed file without the master password"
}
GHSA-6C68-84GQ-J9GR
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
{
"affected": [],
"aliases": [
"CVE-2020-16166"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.",
"id": "GHSA-6c68-84gq-j9gr",
"modified": "2022-05-24T17:24:44Z",
"published": "2022-05-24T17:24:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16166"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4"
},
{
"type": "WEB",
"url": "https://arxiv.org/pdf/2012.07432.pdf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200814-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4525-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4526-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6G33-F262-XJP4
Vulnerability from github – Published: 2018-10-09 00:57 – Updated: 2023-09-08 20:56Affected versions of randomatic generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended.
Recommendation
Update to version 3.0.0 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "randomatic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16028"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:19:13Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Affected versions of `randomatic` generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended.\n\n\n\n\n## Recommendation\n\nUpdate to version 3.0.0 or later.",
"id": "GHSA-6g33-f262-xjp4",
"modified": "2023-09-08T20:56:26Z",
"published": "2018-10-09T00:57:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16028"
},
{
"type": "WEB",
"url": "https://github.com/jonschlinkert/randomatic/commit/4a526959b3a246ae8e4a82f9c182180907227fe1#diff-b9cfc7f2cdf78a7f4b91a753d10865a2"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6g33-f262-xjp4"
},
{
"type": "WEB",
"url": "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/157"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cryptographically Weak PRNG in randomatic"
}
GHSA-6G87-JG5M-PPFQ
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
{
"affected": [],
"aliases": [
"CVE-2021-26098"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-04T14:15:00Z",
"severity": "HIGH"
},
"details": "An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.",
"id": "GHSA-6g87-jg5m-ppfq",
"modified": "2022-05-24T19:10:01Z",
"published": "2022-05-24T19:10:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26098"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-20-218"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6HFM-9HRF-689C
Vulnerability from github – Published: 2022-08-03 00:00 – Updated: 2022-08-11 00:00In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
{
"affected": [],
"aliases": [
"CVE-2022-29808"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-02T22:15:00Z",
"severity": "HIGH"
},
"details": "In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.",
"id": "GHSA-6hfm-9hrf-689c",
"modified": "2022-08-11T00:00:38Z",
"published": "2022-08-03T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29808"
},
{
"type": "WEB",
"url": "https://support.quest.com/kace-systems-management-appliance/kb/338163/quest-response-to-kace-sma-vulnerabilities-cve-2022-29808"
},
{
"type": "WEB",
"url": "https://support.quest.com/kb/338163"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.