Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-M42H-MH85-4QGC

Vulnerability from github – Published: 2019-03-13 17:28 – Updated: 2023-07-05 20:28
VLAI
Summary
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Details

Possible Remote Code Execution Exploit in Rails Development Mode

Impact

With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases

The 6.0.0.beta3 and 5.2.2.1 releases are available at the normal locations.

Workarounds

This issue can be mitigated by specifying a secret key in development mode. In "config/environments/development.rb" add this:

  config.secret_key_base = SecureRandom.hex(64) 

Please note that only the 5.2.x, 5.1.x, 5.0.x, and 4.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits

Thanks to ooooooo_q

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.2.2.0"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "railties"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "5.2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-5420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-77"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:44:46Z",
    "nvd_published_at": "2019-03-27T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "# Possible Remote Code Execution Exploit in Rails Development Mode\n\nImpact \n------ \nWith some knowledge of a target application it is possible for an attacker to  guess the automatically generated development mode secret token.  This secret  token can be used in combination with other Rails internals to escalate to a remote code execution exploit. \n\nAll users running an affected release should either upgrade or use one of the workarounds immediately. \n\nReleases \n-------- \nThe 6.0.0.beta3 and 5.2.2.1 releases are available at the normal locations. \n\nWorkarounds \n----------- \nThis issue can be mitigated by specifying a secret key in development mode. \nIn \"config/environments/development.rb\" add this: \n\n```\n  config.secret_key_base = SecureRandom.hex(64) \n```\n\nPlease note that only the 5.2.x, 5.1.x, 5.0.x, and 4.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases. \n\nCredits \n------- \nThanks to ooooooo_q \n",
  "id": "GHSA-m42h-mh85-4qgc",
  "modified": "2023-07-05T20:28:26Z",
  "published": "2019-03-13T17:28:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA"
    },
    {
      "type": "WEB",
      "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46785"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Insufficiently Random Values in Railties Allows Remote Code Execution"
}

GHSA-M4X9-HX6X-2C43

Vulnerability from github – Published: 2026-04-28 00:31 – Updated: 2026-05-06 18:54
VLAI
Summary
Spring Boot's random value property source uses a weak PRNG unsuitable for secrets
Details

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range.

Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5.0"
            },
            {
              "fixed": "3.5.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0"
            },
            {
              "last_affected": "3.4.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "last_affected": "3.3.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot-cassandra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.7.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T18:54:42Z",
    "nvd_published_at": "2026-04-28T00:16:24Z",
    "severity": "MODERATE"
  },
  "details": "Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.",
  "id": "GHSA-m4x9-hx6x-2c43",
  "modified": "2026-05-06T18:54:42Z",
  "published": "2026-04-28T00:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40975"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-boot"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2026-40975"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Boot\u0027s random value property source uses a weak PRNG unsuitable for secrets"
}

GHSA-M79F-7MXR-WCCP

Vulnerability from github – Published: 2025-07-01 00:30 – Updated: 2025-07-01 00:30
VLAI
Details

A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-30T23:15:21Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-m79f-7mxr-wccp",
  "modified": "2025-07-01T00:30:32Z",
  "published": "2025-07-01T00:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6931"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.314443"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.314443"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.605592"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.605593"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.605596"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com"
    },
    {
      "type": "WEB",
      "url": "http://cdn2.v50to.cc/dlink/DCS-6517B1_FW_v2.02.01/report_3.pdf"
    },
    {
      "type": "WEB",
      "url": "http://cdn2.v50to.cc/dlink/DCS-7517_B1_FW_v2.02.01/report_1.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MHFQ-8C27-VP58

Vulnerability from github – Published: 2025-01-30 21:31 – Updated: 2025-07-29 21:30
VLAI
Details

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-30T20:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances",
  "id": "GHSA-mhfq-8c27-vp58",
  "modified": "2025-07-29T21:30:34Z",
  "published": "2025-01-30T21:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10604"
    },
    {
      "type": "WEB",
      "url": "https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc"
    },
    {
      "type": "WEB",
      "url": "https://fuchsia.googlesource.com/fuchsia/+/a3c17a4d6b3140f9175d6cf6ac4eb4e775f8dea8"
    },
    {
      "type": "WEB",
      "url": "https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MPWR-MCF8-J693

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-16T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.",
  "id": "GHSA-mpwr-mcf8-j693",
  "modified": "2022-05-13T01:50:40Z",
  "published": "2022-05-13T01:50:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18375"
    },
    {
      "type": "WEB",
      "url": "https://github.com/remix30303/AirBoxAPNLeaks"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MRV6-5RXR-645F

Vulnerability from github – Published: 2025-06-12 15:31 – Updated: 2026-01-26 21:30
VLAI
Details

The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-12T15:15:40Z",
    "severity": "LOW"
  },
  "details": "The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.",
  "id": "GHSA-mrv6-5rxr-645f",
  "modified": "2026-01-26T21:30:30Z",
  "published": "2025-06-12T15:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49198"
    },
    {
      "type": "WEB",
      "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MWJR-JWF4-2G7P

Vulnerability from github – Published: 2024-06-02 15:30 – Updated: 2024-06-02 15:30
VLAI
Details

MileSight DeviceHub -

CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-02T14:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass",
  "id": "GHSA-mwjr-jwf4-2g7p",
  "modified": "2024-06-02T15:30:37Z",
  "published": "2024-06-02T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36389"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MXRV-CP62-8842

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
  "id": "GHSA-mxrv-cp62-8842",
  "modified": "2025-04-20T03:46:54Z",
  "published": "2022-05-13T01:43:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13084"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/kracks"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-03"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.krackattacks.com"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/228519"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101274"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039576"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039577"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039581"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P2MW-HVW2-HHXV

Vulnerability from github – Published: 2022-05-03 00:00 – Updated: 2022-05-11 00:02
VLAI
Details

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-30T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.",
  "id": "GHSA-p2mw-hvw2-hhxv",
  "modified": "2022-05-11T00:02:02Z",
  "published": "2022-05-03T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41994"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html"
    },
    {
      "type": "WEB",
      "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P3RP-7C36-7FJF

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-08-02 00:00
VLAI
Details

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.",
  "id": "GHSA-p3rp-7c36-7fjf",
  "modified": "2022-08-02T00:00:33Z",
  "published": "2022-05-24T19:10:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25444"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.