CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-G897-CGFC-7Q8V
Vulnerability from github – Published: 2022-05-17 04:55 – Updated: 2023-01-23 14:33config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "fat_free_crm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-7222"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-23T14:33:19Z",
"nvd_published_at": "2014-01-02T14:59:00Z",
"severity": "MODERATE"
},
"details": "`config/initializers/secret_token.rb` in Fat Free CRM before 0.12.1 has a fixed `FatFreeCRM::Application.config.secret_token` value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.",
"id": "GHSA-g897-cgfc-7q8v",
"modified": "2023-01-23T14:33:19Z",
"published": "2022-05-17T04:55:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7222"
},
{
"type": "WEB",
"url": "https://github.com/fatfreecrm/fat_free_crm/issues/300"
},
{
"type": "WEB",
"url": "https://github.com/fatfreecrm/fat_free_crm/commit/93c182dd4c6f3620b721d2a15ba6a6ecab5669df"
},
{
"type": "PACKAGE",
"url": "https://github.com/fatfreecrm/fat_free_crm"
},
{
"type": "WEB",
"url": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fat_free_crm/CVE-2013-7222.yml"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2013/12/28/2"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2013/Dec/199"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Fat Free CRM has fixed token value"
}
GHSA-GC5H-XF3G-H5X4
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2025-10-22 00:31An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1472"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-17T19:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka \u0027Netlogon Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-gc5h-xf3g-h5x4",
"modified": "2025-10-22T00:31:57Z",
"published": "2022-05-24T17:25:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1472"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_21"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/490028"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1472"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4559-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4510-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4510-1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202012-24"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/09/17/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GC7P-GG9X-38QQ
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2025-03-31 12:30ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
{
"affected": [],
"aliases": [
"CVE-2020-36252"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-19T07:15:00Z",
"severity": "MODERATE"
},
"details": "ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.",
"id": "GHSA-gc7p-gg9x-38qq",
"modified": "2025-03-31T12:30:44Z",
"published": "2022-05-24T17:42:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36252"
},
{
"type": "WEB",
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GC9J-XJC6-H7V6
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and because jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
{
"affected": [],
"aliases": [
"CVE-2019-18282"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-16T16:15:00Z",
"severity": "MODERATE"
},
"details": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and because jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.",
"id": "GHSA-gc9j-xjc6-h7v6",
"modified": "2022-05-24T17:06:47Z",
"published": "2022-05-24T17:06:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18282"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200204-0002"
},
{
"type": "WEB",
"url": "https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GCFJ-HPMM-X9XF
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
{
"affected": [],
"aliases": [
"CVE-2017-13081"
],
"database_specific": {
"cwe_ids": [
"CWE-323",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-17T13:29:00Z",
"severity": "MODERATE"
},
"details": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.",
"id": "GHSA-gcfj-hpmm-x9xf",
"modified": "2025-04-20T03:46:55Z",
"published": "2022-05-13T01:43:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13081"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"type": "WEB",
"url": "https://www.krackattacks.com"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039578"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039585"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GGFX-H9XJ-5V9C
Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-05-31 23:27The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "random_password_generator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25061"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-335"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T20:15:34Z",
"nvd_published_at": "2022-05-18T11:15:00Z",
"severity": "HIGH"
},
"details": "The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.",
"id": "GHSA-ggfx-h9xj-5v9c",
"modified": "2022-05-31T23:27:43Z",
"published": "2022-05-19T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25061"
},
{
"type": "WEB",
"url": "https://github.com/bvsatyaram/random_password_generator/pull/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/bvsatyaram/random_password_generator"
},
{
"type": "WEB",
"url": "https://github.com/bvsatyaram/random_password_generator/blob/2855e8d7d8803dbb580ddd6cf13846394eb4530e/lib/random_password_generator.rb#L23"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/random_password_generator/CVE-2019-25061.yml"
},
{
"type": "WEB",
"url": "https://ruby-doc.org/core-3.1.2/Random.html"
},
{
"type": "WEB",
"url": "https://stackoverflow.com/questions/42170239/security-of-rand-in-ruby-compared-to-other-methods/42170560"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insecure PRNG use in random_password_generator"
}
GHSA-GH7C-CG3X-PMCR
Vulnerability from github – Published: 2022-05-01 18:45 – Updated: 2024-10-21 21:00pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyftpdlib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2007-6738"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T14:38:49Z",
"nvd_published_at": "2010-10-19T20:00:00Z",
"severity": "HIGH"
},
"details": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.",
"id": "GHSA-gh7c-cg3x-pmcr",
"modified": "2024-10-21T21:00:56Z",
"published": "2022-05-01T18:45:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6738"
},
{
"type": "WEB",
"url": "https://github.com/giampaolo/pyftpdlib/commit/d171bdc4ef7ac769671946a8a3e5eaafc39a9202"
},
{
"type": "PACKAGE",
"url": "https://github.com/giampaolo/pyftpdlib"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-22.yaml"
},
{
"type": "WEB",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pyftpdlib Use of Insufficiently Random Values of port selection on PASV command"
}
GHSA-GH8R-7RF7-W4RG
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
{
"affected": [],
"aliases": [
"CVE-2017-13079"
],
"database_specific": {
"cwe_ids": [
"CWE-323",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-17T13:29:00Z",
"severity": "MODERATE"
},
"details": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.",
"id": "GHSA-gh8r-7rf7-w4rg",
"modified": "2025-04-20T03:46:55Z",
"published": "2022-05-13T01:43:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13079"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"type": "WEB",
"url": "https://www.krackattacks.com"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039578"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039585"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GHHQ-5MMR-7WF5
Vulnerability from github – Published: 2022-12-08 21:30 – Updated: 2025-04-23 18:30Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.
{
"affected": [],
"aliases": [
"CVE-2022-44938"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-08T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.",
"id": "GHSA-ghhq-5mmr-7wf5",
"modified": "2025-04-23T18:30:40Z",
"published": "2022-12-08T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44938"
},
{
"type": "WEB",
"url": "https://pwnit.io/2022/11/23/weak-password-reset-token-leads-to-account-takeover-in-seeddms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GP25-QCRF-8649
Vulnerability from github – Published: 2022-05-02 03:32 – Updated: 2024-02-15 03:30account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.
{
"affected": [],
"aliases": [
"CVE-2009-2158"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-22T19:30:00Z",
"severity": "HIGH"
},
"details": "account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.",
"id": "GHSA-gp25-qcrf-8649",
"modified": "2024-02-15T03:30:18Z",
"published": "2022-05-02T03:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2158"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51150"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/8958"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/504294/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/35369"
},
{
"type": "WEB",
"url": "http://www.waraxe.us/advisory-74.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.