Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-8VQ8-VJQP-8V4R

Vulnerability from github – Published: 2023-08-15 21:30 – Updated: 2025-11-04 18:30
VLAI
Details

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-15T19:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection",
  "id": "GHSA-8vq8-vjqp-8v4r",
  "modified": "2025-11-04T18:30:42Z",
  "published": "2023-08-15T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4344"
    },
    {
      "type": "WEB",
      "url": "https://www.broadcom.com/support/resources/product-security-center"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8VX9-59H6-X23V

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1241",
      "CWE-330",
      "CWE-335",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-30T04:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.",
  "id": "GHSA-8vx9-59h6-x23v",
  "modified": "2022-05-13T01:10:32Z",
  "published": "2022-05-13T01:10:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10180"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8XXG-M548-VX69

Vulnerability from github – Published: 2022-05-17 02:50 – Updated: 2022-05-17 02:50
VLAI
Details

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-9019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-05T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.",
  "id": "GHSA-8xxg-m548-vx69",
  "modified": "2022-05-17T02:50:38Z",
  "published": "2022-05-17T02:50:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9019"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=934119"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9358-CPVX-C2QP

Vulnerability from github – Published: 2023-09-11 20:45 – Updated: 2023-09-12 13:34
VLAI
Summary
Magento LTS's guest order "protect code" can be brute-forced too easily
Details

Impact

Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack.

Patches

None.

Workarounds

Implementing rate-limiting at the web server would help mitigate the issue. In particular, a very strict rate limit (e.g. 1 per minute per IP) for the specific route (sales/guest/view/) would effectively mitigate the issue.

References

Email from Frank Rochlitzer (f.rochlitzer@b3-it.de) to security@openmage.org:

Summary

The German Federal Office for Information Security (BSI) found the following flaw in OpenMage through a commissioned pen test: The web application was found to accept certain requests even without prior strong authentication if the person making the request has data that is non-public but also not secret, such as easily easily guessed transaction numbers or names. Attacking entities could possibly exploit this to retrieve sensitive information using this easier-to-obtain data and by trying random numbers.

Details

Customers who place an order without an account can subsequently retrieve the order data or invoice data by specifying individual information. Technically, the access is realized by specifying the cookie guest-view. The value of the cookie is Base64 encoded and contains a random value and the order number. The random value consists of six characters, where these are taken from the alphabet [0-9a-f]. In the best case, i.e. when using a cryptographically secure random number generator, this corresponds to an entropy of 24 bits. Furthermore, the order numbers are assigned incrementally, so that the number range can be narrowed down or an upper limit determined by placing an order. Specifically, this results in the risk that an attacking entity can iterate over all possible values of the cookie's random value. If successful, the billing address, shipping address, payment details and the ordered items can be viewed. The attack only works for orders made as a guest.

PoC

The request/response pair shows the retrieval of an order. It should be noted in particular, that the cookie is not bound to a session. The response has been formatted for formatted for readability.

Request:

1 GET /magento19/index.php/default/sales/guest/view/ HTTP/1.1
2 Host: localhost.local
3 Cookie: guest-view=MzYyYzI4OjEwMDAwMDQzMQ%3D%3D;
4 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
6 Accept-Language: en-US,en;q=0.5
7 Accept-Encoding: gzip, deflate
8 Referer: https://localhost.local/magento19/index.php/default/egovs_checkout/multipage/successview/
9 Upgrade-Insecure-Requests: 1
10 Sec-Fetch-Dest: document
11 Sec-Fetch-Mode: navigate
12 Sec-Fetch-Site: same-origin
13 Sec-Fetch-User: ?1
14 Te: trailers
15 Connection: close

Response:

1 HTTP/1.1 200 OK
2 Date: Tue, 13 Dec 2022 14:06:13 GMT
3 Server: Apache
4 Strict-Transport-Security: max-age=31536000; includeSubDomains
5 X-Powered-By: PHP/7.4.6
6 Set-Cookie: om_frontend=id7v84a05u8mm1j32t2kj5rbjl; expires=Tue, 13-Dec-2022 15:06:13 GMT; Max-Age=3600; path=/magento19/; domain=localhost.local; secure; HttpOnly
7 Expires: Thu, 19 Nov 1981 08:52:00 GMT
8 Cache-Control: no-store, no-cache, must-revalidate
9 Pragma: no-cache
10 Set-Cookie: om_frontend=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/magento19/; domain=localhost.local; secure; HttpOnly; SameSite=None
11 Set-Cookie: om_frontend=o42vttknheaj0sr3q0381jipdp; expires=Tue, 13-Dec-2022 15:06:13 GMT; Max-Age=3600; path=/magento19/; domain=localhost.local; secure; HttpOnly
12 Set-Cookie: guest-view=MzYyYzI4OjEwMDAwMDQzMQ%3D%3D; expires=Tue, 13-Dec-2022 14:16:13 GMT; Max-Age=600; path=/; domain=localhost.local; secure; HttpOnly; SameSite=None
13 X-Frame-Options: SAMEORIGIN
14 X-Content-Type-Options: nosniff
15 X-XSS-Protection: 1; mode=block
16 Referrer-Policy: same-origin
17 Feature-Policy: geolocation 'self'; vibrate 'none'
18 Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafeeval';
style-src 'self' 'unsafe-inline';
19 Connection: close
20 Content-Type: text/html; charset=UTF-8
21 Content-Length: 47876
22
23 <!DOCTYPE html>
24 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
25 […]
26 <div class="page-title">
27 <h1>Bestellung #100000431 - Ausstehende Überweisung</h1>
28 </div>
29 […]
30 <h2 class="feature-headline">Versandadresse</h2>
31 <div class="feature-content">
32 <address>
33 Herr Vorname Nachname<br>
34 Straße<br>
35 Dresden, Brandenburg, 01067<br>
36 Deutschland<br>
37 </address>
38 </div>
39 […]
40 <h2 class="feature-headline">Rechnungsadresse</h2>
41 <div class="feature-content">
42 <address>
43 [color]Herr Vorname Nachname<br>
44 Straße<br>
45 Dresden, Brandenburg, 01067<br>
46 Deutschland<br>[/color]
47 </address>
48 </div>
49 […]
50 <h2 class="feature-headline">Zahlungsart</h2>
51 <div class="feature-content">
52 <div class="block-content">
53 Vorkasse<br>
54 <div id="bankpayment_account_info" style="font-style: italic;">Bankverbindung</div>
55 <table class="data-table fieldset">
56 […]
57 <h2 class="sub-title">
58 <span>Kassenzeichen: WS1712000349</span>
59 </h2>
60 <h2 class="sub-title">Bestellte Artikel</h2>
61 […]
62 <td class="order-item-product">
63 <h3 class="product-name ellipsis-multi-line">Testprodukt Kreditkarte</h3>
64 […]
65 <span class="price">100,23 €</span>
66 […]
67 </html>

Impact

Information disclosure. Read as well as write access to sensitive information of persons or accounts and the execution of actions on their behalf must always be secured by strong authentication. This can be ensured, for example, by enforcing strong passwords or MFA. For temporary accesses to sensitive information, temporary passwords or authentication tokens or comparable data that an attacking entity cannot easily guess or determine should be used. Random values should have sufficient entropy so that searching the number space is impractical for attacking entities. Furthermore, such queries should be limited by rate limiting. The exact attack effort cannot be determined, since this requires the proportion of the proportion of orders that were placed without an account and since the performance of the performance of the production system is likely to differ from that of the test system. In a test run, 1000 requests could be made within 36 seconds. Part of the execution is shown in the screenshot. The complete search of the number space for the random value would take 6 days 23 hours 46 minutes. Accordingly, the expected value is about 3.5 days. If every third order is executed without an account, the effort must be multiplied by a factor of 3.

Mit freundlichen Grüßen

Frank Rochlitzer (github: theroch)

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 19.5.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "openmage/magento-lts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "19.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 20.1.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "openmage/magento-lts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "20.0.0"
            },
            {
              "fixed": "20.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41879"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-11T20:45:02Z",
    "nvd_published_at": "2023-09-11T22:15:08Z",
    "severity": "HIGH"
  },
  "details": "# Impact\n\nGuest orders may be viewed without authentication using a \"guest-view\" cookie which contains the order\u0027s \"protect_code\". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack.\n\n# Patches\n\nNone.\n\n# Workarounds\n\nImplementing rate-limiting at the web server would help mitigate the issue. In particular, a very strict rate limit (e.g. 1 per minute per IP) for the specific route (`sales/guest/view/`) would effectively mitigate the issue.\n\n# References\n\nEmail from Frank Rochlitzer (f.rochlitzer@b3-it.de) to security@openmage.org:\n\n## Summary\n\nThe German Federal Office for Information Security (BSI) found the following flaw in OpenMage through a commissioned pen test:\nThe web application was found to accept certain requests even without prior strong authentication if the person making the request has data that is non-public but also not secret, such as easily\neasily guessed transaction numbers or names.\nAttacking entities could possibly exploit this to retrieve sensitive information using this easier-to-obtain data and by trying random numbers.\n\n## Details\n\nCustomers who place an order without an account can subsequently retrieve the order data or invoice data by specifying individual information.\nTechnically, the access is realized by specifying the cookie guest-view. The value of the cookie is Base64 encoded and contains a random value and the order number. The random value consists of six characters, where these are taken from the alphabet [0-9a-f]. In the best case, i.e. when using a cryptographically secure random number generator, this corresponds to an entropy of 24 bits. Furthermore, the order numbers are assigned incrementally, so that the number range can be narrowed down or an upper limit determined by placing an order.\nSpecifically, this results in the risk that an attacking entity can iterate over all possible values of the cookie\u0027s random value. If successful, the billing address, shipping address, payment details and the ordered items can be viewed. The attack only works for orders made as a guest.\n\n## PoC\n\nThe request/response pair shows the retrieval of an order. It should be noted in particular, that the cookie is not bound to a session. The response has been formatted for formatted for readability.\n\nRequest:\n```\n1 GET /magento19/index.php/default/sales/guest/view/ HTTP/1.1\n2 Host: localhost.local\n3 Cookie: guest-view=MzYyYzI4OjEwMDAwMDQzMQ%3D%3D;\n4 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0\n5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\n6 Accept-Language: en-US,en;q=0.5\n7 Accept-Encoding: gzip, deflate\n8 Referer: https://localhost.local/magento19/index.php/default/egovs_checkout/multipage/successview/\n9 Upgrade-Insecure-Requests: 1\n10 Sec-Fetch-Dest: document\n11 Sec-Fetch-Mode: navigate\n12 Sec-Fetch-Site: same-origin\n13 Sec-Fetch-User: ?1\n14 Te: trailers\n15 Connection: close\n```\n\nResponse:\n\n```\n1 HTTP/1.1 200 OK\n2 Date: Tue, 13 Dec 2022 14:06:13 GMT\n3 Server: Apache\n4 Strict-Transport-Security: max-age=31536000; includeSubDomains\n5 X-Powered-By: PHP/7.4.6\n6 Set-Cookie: om_frontend=id7v84a05u8mm1j32t2kj5rbjl; expires=Tue, 13-Dec-2022 15:06:13 GMT; Max-Age=3600; path=/magento19/; domain=localhost.local; secure; HttpOnly\n7 Expires: Thu, 19 Nov 1981 08:52:00 GMT\n8 Cache-Control: no-store, no-cache, must-revalidate\n9 Pragma: no-cache\n10 Set-Cookie: om_frontend=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/magento19/; domain=localhost.local; secure; HttpOnly; SameSite=None\n11 Set-Cookie: om_frontend=o42vttknheaj0sr3q0381jipdp; expires=Tue, 13-Dec-2022 15:06:13 GMT; Max-Age=3600; path=/magento19/; domain=localhost.local; secure; HttpOnly\n12 Set-Cookie: guest-view=MzYyYzI4OjEwMDAwMDQzMQ%3D%3D; expires=Tue, 13-Dec-2022 14:16:13 GMT; Max-Age=600; path=/; domain=localhost.local; secure; HttpOnly; SameSite=None\n13 X-Frame-Options: SAMEORIGIN\n14 X-Content-Type-Options: nosniff\n15 X-XSS-Protection: 1; mode=block\n16 Referrer-Policy: same-origin\n17 Feature-Policy: geolocation \u0027self\u0027; vibrate \u0027none\u0027\n18 Content-Security-Policy: default-src \u0027self\u0027;script-src \u0027self\u0027 \u0027unsafe-inline\u0027 \u0027unsafeeval\u0027;\nstyle-src \u0027self\u0027 \u0027unsafe-inline\u0027;\n19 Connection: close\n20 Content-Type: text/html; charset=UTF-8\n21 Content-Length: 47876\n22\n23 \u003c!DOCTYPE html\u003e\n24 \u003chtml xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"de\" lang=\"de\"\u003e\n25 [\u2026]\n26 \u003cdiv class=\"page-title\"\u003e\n27 \u003ch1\u003eBestellung #100000431 - Ausstehende \u00dcberweisung\u003c/h1\u003e\n28 \u003c/div\u003e\n29 [\u2026]\n30 \u003ch2 class=\"feature-headline\"\u003eVersandadresse\u003c/h2\u003e\n31 \u003cdiv class=\"feature-content\"\u003e\n32 \u003caddress\u003e\n33 Herr Vorname Nachname\u003cbr\u003e\n34 Stra\u00dfe\u003cbr\u003e\n35 Dresden, Brandenburg, 01067\u003cbr\u003e\n36 Deutschland\u003cbr\u003e\n37 \u003c/address\u003e\n38 \u003c/div\u003e\n39 [\u2026]\n40 \u003ch2 class=\"feature-headline\"\u003eRechnungsadresse\u003c/h2\u003e\n41 \u003cdiv class=\"feature-content\"\u003e\n42 \u003caddress\u003e\n43 [color]Herr Vorname Nachname\u003cbr\u003e\n44 Stra\u00dfe\u003cbr\u003e\n45 Dresden, Brandenburg, 01067\u003cbr\u003e\n46 Deutschland\u003cbr\u003e[/color]\n47 \u003c/address\u003e\n48 \u003c/div\u003e\n49 [\u2026]\n50 \u003ch2 class=\"feature-headline\"\u003eZahlungsart\u003c/h2\u003e\n51 \u003cdiv class=\"feature-content\"\u003e\n52 \u003cdiv class=\"block-content\"\u003e\n53 Vorkasse\u003cbr\u003e\n54 \u003cdiv id=\"bankpayment_account_info\" style=\"font-style: italic;\"\u003eBankverbindung\u003c/div\u003e\n55 \u003ctable class=\"data-table fieldset\"\u003e\n56 [\u2026]\n57 \u003ch2 class=\"sub-title\"\u003e\n58 \u003cspan\u003eKassenzeichen: WS1712000349\u003c/span\u003e\n59 \u003c/h2\u003e\n60 \u003ch2 class=\"sub-title\"\u003eBestellte Artikel\u003c/h2\u003e\n61 [\u2026]\n62 \u003ctd class=\"order-item-product\"\u003e\n63 \u003ch3 class=\"product-name ellipsis-multi-line\"\u003eTestprodukt Kreditkarte\u003c/h3\u003e\n64 [\u2026]\n65 \u003cspan class=\"price\"\u003e100,23 \u20ac\u003c/span\u003e\n66 [\u2026]\n67 \u003c/html\u003e\n```\n\n## Impact\n\nInformation disclosure.\nRead as well as write access to sensitive information of persons or accounts and the execution of actions on their behalf must always be secured by strong authentication. This can be ensured, for example, by enforcing strong passwords or MFA.\nFor temporary accesses to sensitive information, temporary passwords or\nauthentication tokens or comparable data that an attacking entity cannot easily guess or determine should be used. Random values should have sufficient entropy so that searching the number space is impractical for attacking entities.\nFurthermore, such queries should be limited by rate limiting.\nThe exact attack effort cannot be determined, since this requires the proportion of\nthe proportion of orders that were placed without an account and since the performance of the\nperformance of the production system is likely to differ from that of the test system.\nIn a test run, 1000 requests could be made within 36 seconds. Part of the execution is shown in the screenshot. The complete search of the number space for the random value would take 6 days 23 hours 46 minutes. Accordingly, the expected value is about 3.5 days. If every third order is executed without an account, the effort must be multiplied by a factor of 3.\n\nMit freundlichen Gr\u00fc\u00dfen\n\nFrank Rochlitzer (github: theroch)\n",
  "id": "GHSA-9358-cpvx-c2qp",
  "modified": "2023-09-12T13:34:48Z",
  "published": "2023-09-11T20:45:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41879"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenMage/magento-lts"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento LTS\u0027s guest order \"protect code\" can be brute-forced too easily"
}

GHSA-94RF-V38J-R4R9

Vulnerability from github – Published: 2026-03-07 03:30 – Updated: 2026-03-12 15:30
VLAI
Details

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-07T01:15:58Z",
    "severity": "HIGH"
  },
  "details": "XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cookie values and exploit exposed session parameters in URLs to gain unauthorized access to authenticated user sessions.",
  "id": "GHSA-94rf-v38j-r4r9",
  "modified": "2026-03-12T15:30:23Z",
  "published": "2026-03-07T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25072"
    },
    {
      "type": "WEB",
      "url": "https://openwrt.org/toh/xikestor/sks8310-8x?s%5B%5D=xikestor\u0026s%5B%5D=sks8310\u0026s%5B%5D=8x"
    },
    {
      "type": "WEB",
      "url": "https://www.aliexpress.com/i/3256808697772710.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-95HC-3VWP-3CJF

Vulnerability from github – Published: 2025-12-13 18:30 – Updated: 2025-12-13 18:30
VLAI
Details

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys for their IP Address. This makes it possible for unauthenticated attackers to bypass blocks due to invalid login attempts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-13T16:16:45Z",
    "severity": "MODERATE"
  },
  "details": "The Login Lockdown \u0026 Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys for their IP Address. This makes it possible for unauthenticated attackers to bypass blocks due to invalid login attempts.",
  "id": "GHSA-95hc-3vwp-3cjf",
  "modified": "2025-12-13T18:30:19Z",
  "published": "2025-12-13T18:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11707"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3389843%40login-lockdown\u0026new=3389843%40login-lockdown\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c732ea2-0263-4b18-9aa4-29e387b26362?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-95JH-V98H-7GWW

Vulnerability from github – Published: 2022-04-08 00:00 – Updated: 2022-04-19 00:01
VLAI
Details

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-334"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-07T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.",
  "id": "GHSA-95jh-v98h-7gww",
  "modified": "2022-04-19T00:01:33Z",
  "published": "2022-04-08T00:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22517"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-96G6-83P3-M784

Vulnerability from github – Published: 2021-12-28 00:00 – Updated: 2023-06-30 18:31
VLAI
Details

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-27T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that \"does not generate cryptographically secure values, and should not be used for cryptographic purposes\" according to PHP\u0027s documentation.",
  "id": "GHSA-96g6-83p3-m784",
  "modified": "2023-06-30T18:31:00Z",
  "published": "2021-12-28T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24998"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2613782"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/1cca404e-766a-43ab-b41f-77d6a3b282fb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-96QQ-9H7M-67PW

Vulnerability from github – Published: 2023-02-10 06:30 – Updated: 2025-03-24 18:30
VLAI
Details

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-10T04:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.",
  "id": "GHSA-96qq-9h7m-67pw",
  "modified": "2025-03-24T18:30:32Z",
  "published": "2023-02-10T06:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43501"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU99551468"
    },
    {
      "type": "WEB",
      "url": "https://www.elwsc.co.jp/news/6352"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97W9-GCC7-VR8G

Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2023-07-19 19:58
VLAI
Summary
Insufficient Entropy in PHPServerMon PRNG
Details

A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpservermon/phpservermon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-4240"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1241",
      "CWE-330",
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T19:27:56Z",
    "nvd_published_at": "2022-11-15T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function `generatePasswordResetToken` of the file `src/psm/Service/User.php`. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability.",
  "id": "GHSA-97w9-gcc7-vr8g",
  "modified": "2023-07-19T19:58:50Z",
  "published": "2022-11-16T12:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4240"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpservermon/phpservermon/commit/3daa804d5f56c55b3ae13bfac368bb84ec632193"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpservermon/phpservermon"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/2-phpservermon/phpservermon"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.213717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Entropy in PHPServerMon PRNG"
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.