CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-GQ4G-FPC9-VJFQ
Vulnerability from github – Published: 2026-07-07 23:39 – Updated: 2026-07-07 23:40Impact
Webauthn\SimpleFakeCredentialGenerator is the library-provided default implementation of the FakeCredentialGenerator interface. It returns a stable list of decoy PublicKeyCredentialDescriptor objects for a given username so that an assertion request for an unknown user looks the same as a request for a real one, which mitigates username enumeration.
The generator derives the whole decoy list from a single seed:
$seed = hash('sha256', $username . $this->secret, true);
When it is constructed without a secret (its constructor default, $secret = ''), the seed depends only on the username. The username is attacker-chosen and the algorithm is public, so an unauthenticated requester can recompute the exact, byte-for-byte decoy list the server returns for any username. The attacker then compares a probed username's response against the locally computed list and decides whether the account is real or fake, which is precisely the distinction the mechanism is meant to hide.
With any non-empty secret the seed becomes a value the attacker cannot evaluate and the mitigation holds. The defect is the empty default, not the algorithm.
Affected configurations
- Direct use of the library (
web-auth/webauthn-lib) whereSimpleFakeCredentialGeneratoris instantiated without a secret. - Any integration that wires the generator with an empty secret.
The Symfony bundle is not affected with its default configuration: it injects the application secret (kernel.secret) into the generator, so out-of-the-box deployments already use a non-empty secret. Deployments that set an empty kernel.secret are affected.
Patches
Fixed in 5.3.5. The generator now emits a deprecation when it is constructed without a secret, which surfaces the misconfiguration in logs and the Symfony profiler. A non-empty secret will be required in 6.0.0. The recommended remediation is to always provide a non-empty, deployment-specific secret.
Workarounds
Construct SimpleFakeCredentialGenerator with a non-empty secret value (for example the application secret), or provide a custom FakeCredentialGenerator implementation seeded with a secret.
Proof of concept
<?php
declare(strict_types=1);
require $src . '/PublicKeyCredentialDescriptor.php';
require $src . '/FakeCredentialGenerator.php';
require $src . '/SimpleFakeCredentialGenerator.php';
use Webauthn\PublicKeyCredentialDescriptor;
use Webauthn\SimpleFakeCredentialGenerator;
$username = 'alice@example.com';
// 1. The "server" runs the library default wiring (cache=null, secret='').
$server = new SimpleFakeCredentialGenerator();
$refl = new ReflectionMethod(SimpleFakeCredentialGenerator::class, 'generateCredentials');
$refl->setAccessible(true);
$serverDescriptors = $refl->invoke($server, $username);
// 2. The "attacker" recomputes the same algorithm, knowing only the username.
function attackerRecompute(string $username): array {
$transports = [
PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_USB,
PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_NFC,
PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_BLE,
PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_HYBRID,
PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_INTERNAL,
PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_SMART_CARD,
];
$seed = hash('sha256', $username . '', true); // empty secret
$count = (ord($seed[0]) % 3) + 1;
$out = [];
for ($i = 0; $i < $count; $i++) {
$credSeed = hash('sha256', $seed . pack('N', $i), true);
$transportCount = (ord($credSeed[0]) % 2) + 1;
$sel = [];
for ($j = 0; $j < $transportCount; $j++) {
$sel[] = $transports[ord($credSeed[$j + 1]) % count($transports)];
}
$sel = array_values(array_unique($sel));
$out[] = ['type' => PublicKeyCredentialDescriptor::CREDENTIAL_TYPE_PUBLIC_KEY,
'id' => hash('sha256', $credSeed . $username), 'transports' => $sel];
}
return $out;
}
// 3. The two lists match byte-for-byte, so the decoy is reproducible.
// The same call with a non-empty secret diverges, confirming the defect
// is the default value rather than the algorithm.
With the default empty secret the library's fake-credential list is bit-for-bit reproducible from the public username alone, which defeats the username enumeration mitigation. The same call with a non-empty secret diverges.
Severity
Low. The decoy responses are still well-formed and the issue only re-enables username enumeration, and only when the generator is used without a secret (which is not the case for default Symfony bundle deployments).
Credits
Found during an internal security audit of the project.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "web-auth/webauthn-lib"
},
"ranges": [
{
"events": [
{
"introduced": "4.9.0"
},
{
"fixed": "5.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-204",
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-07T23:39:43Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "## Impact\n\n`Webauthn\\SimpleFakeCredentialGenerator` is the library-provided default implementation of the `FakeCredentialGenerator` interface. It returns a stable list of decoy `PublicKeyCredentialDescriptor` objects for a given username so that an assertion request for an unknown user looks the same as a request for a real one, which mitigates username enumeration.\n\nThe generator derives the whole decoy list from a single seed:\n\n```php\n$seed = hash(\u0027sha256\u0027, $username . $this-\u003esecret, true);\n```\n\nWhen it is constructed without a secret (its constructor default, `$secret = \u0027\u0027`), the seed depends only on the username. The username is attacker-chosen and the algorithm is public, so an unauthenticated requester can recompute the exact, byte-for-byte decoy list the server returns for any username. The attacker then compares a probed username\u0027s response against the locally computed list and decides whether the account is real or fake, which is precisely the distinction the mechanism is meant to hide.\n\nWith any non-empty secret the seed becomes a value the attacker cannot evaluate and the mitigation holds. The defect is the empty default, not the algorithm.\n\n## Affected configurations\n\n- Direct use of the library (`web-auth/webauthn-lib`) where `SimpleFakeCredentialGenerator` is instantiated without a secret.\n- Any integration that wires the generator with an empty secret.\n\nThe Symfony bundle is not affected with its default configuration: it injects the application secret (`kernel.secret`) into the generator, so out-of-the-box deployments already use a non-empty secret. Deployments that set an empty `kernel.secret` are affected.\n\n## Patches\n\nFixed in 5.3.5. The generator now emits a deprecation when it is constructed without a secret, which surfaces the misconfiguration in logs and the Symfony profiler. A non-empty secret will be required in 6.0.0. The recommended remediation is to always provide a non-empty, deployment-specific secret.\n\n## Workarounds\n\nConstruct `SimpleFakeCredentialGenerator` with a non-empty secret value (for example the application secret), or provide a custom `FakeCredentialGenerator` implementation seeded with a secret.\n\n## Proof of concept\n\n```php\n\u003c?php\ndeclare(strict_types=1);\n\nrequire $src . \u0027/PublicKeyCredentialDescriptor.php\u0027;\nrequire $src . \u0027/FakeCredentialGenerator.php\u0027;\nrequire $src . \u0027/SimpleFakeCredentialGenerator.php\u0027;\n\nuse Webauthn\\PublicKeyCredentialDescriptor;\nuse Webauthn\\SimpleFakeCredentialGenerator;\n\n$username = \u0027alice@example.com\u0027;\n\n// 1. The \"server\" runs the library default wiring (cache=null, secret=\u0027\u0027).\n$server = new SimpleFakeCredentialGenerator();\n$refl = new ReflectionMethod(SimpleFakeCredentialGenerator::class, \u0027generateCredentials\u0027);\n$refl-\u003esetAccessible(true);\n$serverDescriptors = $refl-\u003einvoke($server, $username);\n\n// 2. The \"attacker\" recomputes the same algorithm, knowing only the username.\nfunction attackerRecompute(string $username): array {\n $transports = [\n PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_USB,\n PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_NFC,\n PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_BLE,\n PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_HYBRID,\n PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_INTERNAL,\n PublicKeyCredentialDescriptor::AUTHENTICATOR_TRANSPORT_SMART_CARD,\n ];\n $seed = hash(\u0027sha256\u0027, $username . \u0027\u0027, true); // empty secret\n $count = (ord($seed[0]) % 3) + 1;\n $out = [];\n for ($i = 0; $i \u003c $count; $i++) {\n $credSeed = hash(\u0027sha256\u0027, $seed . pack(\u0027N\u0027, $i), true);\n $transportCount = (ord($credSeed[0]) % 2) + 1;\n $sel = [];\n for ($j = 0; $j \u003c $transportCount; $j++) {\n $sel[] = $transports[ord($credSeed[$j + 1]) % count($transports)];\n }\n $sel = array_values(array_unique($sel));\n $out[] = [\u0027type\u0027 =\u003e PublicKeyCredentialDescriptor::CREDENTIAL_TYPE_PUBLIC_KEY,\n \u0027id\u0027 =\u003e hash(\u0027sha256\u0027, $credSeed . $username), \u0027transports\u0027 =\u003e $sel];\n }\n return $out;\n}\n\n// 3. The two lists match byte-for-byte, so the decoy is reproducible.\n// The same call with a non-empty secret diverges, confirming the defect\n// is the default value rather than the algorithm.\n```\n\nWith the default empty secret the library\u0027s fake-credential list is bit-for-bit reproducible from the public username alone, which defeats the username enumeration mitigation. The same call with a non-empty secret diverges.\n\n## Severity\n\nLow. The decoy responses are still well-formed and the issue only re-enables username enumeration, and only when the generator is used without a secret (which is not the case for default Symfony bundle deployments).\n\n## Credits\n\nFound during an internal security audit of the project.",
"id": "GHSA-gq4g-fpc9-vjfq",
"modified": "2026-07-07T23:40:01Z",
"published": "2026-07-07T23:39:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-gq4g-fpc9-vjfq"
},
{
"type": "PACKAGE",
"url": "https://github.com/web-auth/webauthn-framework"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection"
}
GHSA-GQ67-PP9W-43GP
Vulnerability from github – Published: 2021-06-16 17:31 – Updated: 2021-05-07 21:12In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
Mitigation: Existing web.xml configuration parameters can be used to direct MyFaces to use SecureRandom for CSRF token generation:
org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN=secureRandom org.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN=secureRandom org.apache.myfaces.RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN=secureRandom
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.myfaces.core:myfaces-core-module"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.myfaces.core:myfaces-core-module"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.myfaces.core:myfaces-core-module"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.myfaces.core:myfaces-core-module"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-26296"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-07T21:12:38Z",
"nvd_published_at": "2021-02-19T09:15:00Z",
"severity": "HIGH"
},
"details": "In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.\n\n\nMitigation:\nExisting web.xml configuration parameters can be used to direct\nMyFaces to use SecureRandom for CSRF token generation:\n\norg.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN=secureRandom\norg.apache.myfaces.RANDOM_KEY_IN_CSRF_SESSION_TOKEN=secureRandom\norg.apache.myfaces.RANDOM_KEY_IN_WEBSOCKET_SESSION_TOKEN=secureRandom",
"id": "GHSA-gq67-pp9w-43gp",
"modified": "2021-05-07T21:12:38Z",
"published": "2021-06-16T17:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26296"
},
{
"type": "WEB",
"url": "https://github.com/apache/myfaces/commit/cc6e1cc7b9aa17e52452f7f2657b3af9c421b2b2"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/MYFACES-4373"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2b73e2356c6155e9ec78fdd8f72a4fac12f3e588014f5f535106ed9b%40%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210528-0007"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161484/Apache-MyFaces-2.x-Cross-Site-Request-Forgery.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Feb/66"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Cryptographically weak CSRF tokens in Apache MyFaces"
}
GHSA-GQ6R-XFPW-CG3W
Vulnerability from github – Published: 2024-09-25 18:31 – Updated: 2024-09-26 15:30An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.
{
"affected": [],
"aliases": [
"CVE-2024-41708"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-25T17:15:18Z",
"severity": "HIGH"
},
"details": "An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.",
"id": "GHSA-gq6r-xfpw-cg3w",
"modified": "2024-09-26T15:30:42Z",
"published": "2024-09-25T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41708"
},
{
"type": "WEB",
"url": "https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf"
},
{
"type": "WEB",
"url": "https://github.com/AdaCore/aws"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GV9J-4W24-Q7VX
Vulnerability from github – Published: 2022-03-01 21:03 – Updated: 2022-03-01 21:03Impact
CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
Patches
The problem has been fixed in 1.6.6+.
References
For more information
Please consult our security guide for more information regarding our security process.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-01T21:03:11Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nCoreDNS before 1.6.6 (using go DNS package \u003c 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.\n\n### Patches\nThe problem has been fixed in 1.6.6+.\n\n### References\n- [CVE-2019-19794](https://nvd.nist.gov/vuln/detail/CVE-2019-19794)\n\n### For more information\nPlease consult [our security guide](https://github.com/coredns/coredns/blob/master/.github/SECURITY.md) for more information regarding our security process.\n",
"id": "GHSA-gv9j-4w24-q7vx",
"modified": "2022-03-01T21:03:11Z",
"published": "2022-03-01T21:03:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-gv9j-4w24-q7vx"
},
{
"type": "PACKAGE",
"url": "github.com/coredns/coredns"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Improper random number generation in github.com/coredns/coredns"
}
GHSA-GVWH-H9WM-JVG4
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:29In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.
{
"affected": [],
"aliases": [
"CVE-2020-27631"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T17:15:10Z",
"severity": "CRITICAL"
},
"details": "In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.",
"id": "GHSA-gvwh-h9wm-jvg4",
"modified": "2024-04-04T08:29:47Z",
"published": "2023-10-10T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27631"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"
},
{
"type": "WEB",
"url": "https://www.forescout.com"
},
{
"type": "WEB",
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWCV-7XQ5-34JJ
Vulnerability from github – Published: 2023-09-05 18:30 – Updated: 2024-04-04 07:29An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-34353"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T17:15:08Z",
"severity": "HIGH"
},
"details": "An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.",
"id": "GHSA-gwcv-7xq5-34jj",
"modified": "2024-04-04T07:29:16Z",
"published": "2023-09-05T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34353"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H72M-3M74-9PPQ
Vulnerability from github – Published: 2022-01-27 00:01 – Updated: 2022-02-01 00:00Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.
{
"affected": [],
"aliases": [
"CVE-2021-36294"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T23:15:00Z",
"severity": "CRITICAL"
},
"details": "Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.",
"id": "GHSA-h72m-3m74-9ppq",
"modified": "2022-02-01T00:00:47Z",
"published": "2022-01-27T00:01:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36294"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HC4J-7MQG-CXJJ
Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2023-07-07 21:05A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "phpservermon/phpservermon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4241"
],
"database_specific": {
"cwe_ids": [
"CWE-1241",
"CWE-330",
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-07T21:05:46Z",
"nvd_published_at": "2022-11-15T23:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function `setUserLoggedIn` of the file `src/psm/Service/User.php`. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744.",
"id": "GHSA-hc4j-7mqg-cxjj",
"modified": "2023-07-07T21:05:46Z",
"published": "2022-11-16T12:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4241"
},
{
"type": "WEB",
"url": "https://github.com/phpservermon/phpservermon/commit/bb10a5f3c68527c58073258cb12446782d223bc3"
},
{
"type": "PACKAGE",
"url": "https://github.com/phpservermon/phpservermon"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/1-phpservermon/phpservermon"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.213744"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "PHPServerMon PRNG has Insufficient Entropy"
}
GHSA-HC9R-5JFV-RH42
Vulnerability from github – Published: 2022-05-03 00:00 – Updated: 2022-05-11 00:02A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
{
"affected": [],
"aliases": [
"CVE-2021-41993"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-30T22:15:00Z",
"severity": "MODERATE"
},
"details": "A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.",
"id": "GHSA-hc9r-5jfv-rh42",
"modified": "2022-05-11T00:02:02Z",
"published": "2022-05-03T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41993"
},
{
"type": "WEB",
"url": "https://docs.pingidentity.com/bundle/pingid/page/zvy1641459415679.html"
},
{
"type": "WEB",
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HCPQ-VW4G-3VMH
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
{
"affected": [],
"aliases": [
"CVE-2020-1759"
],
"database_specific": {
"cwe_ids": [
"CWE-323",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-13T13:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.",
"id": "GHSA-hcpq-vw4g-3vmh",
"modified": "2022-05-24T17:14:04Z",
"published": "2022-05-24T17:14:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1759"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-39"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.