High severity7.5NVD Advisory· Published Dec 4, 2001· Updated Apr 16, 2026

CVE-2001-0950

Description

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.

Affected products

Valicert/Enterprise Validation Authority
cpe:2.3:a:valicert:enterprise_validation_authority:*:*:*:*:*:*:*:*
Range: >=3.3,<=4.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/3618nvdBroken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
www.securityfocus.com/bid/3620nvdBroken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
marc.infonvdExploitMailing List
exchange.xforce.ibmcloud.com/vulnerabilities/7651nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/7653nvdThird Party AdvisoryVDB Entry
www.valicert.com/support/security_advisory_eva.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000