CVE-2020-28924
Description
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the second at which rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rclone/rclone (Go) | < 1.53.3 | 1.53.3 |
Affected products
- Rclone/rclone (OSV coordinates, 7 package versions; no CPE assigned):
  - pkg:bitnami/rclone: range < 1.53.3
  - pkg:golang/github.com/rclone/rclone: range < 1.53.3
  - pkg:rpm/opensuse/rclone&distro=openSUSE%20Leap%2015.1: range < 1.53.3-lp151.3.6.1
  - pkg:rpm/opensuse/rclone&distro=openSUSE%20Leap%2015.2: range < 1.53.3-lp152.2.3.1
  - pkg:rpm/opensuse/rclone&distro=openSUSE%20Tumbleweed: range < 1.55.1-1.3
  - pkg:rpm/suse/rclone&distro=SUSE%20Package%20Hub%2015%20SP1: range < 1.53.3-bp151.4.6.1
  - pkg:rpm/suse/rclone&distro=SUSE%20Package%20Hub%2015%20SP2: range < 1.53.3-bp152.2.4.11
Vulnerability mechanics
Root cause
"Accidental replacement of `crypto/rand` with `math/rand` in the `random.Password` function, combined with seeding `math/rand` using `time.Now().Unix()` (one-second granularity), produces passwords with drastically reduced entropy."
Attack vector
An attacker can exploit the weak password generation by enumerating all possible passwords, which are deterministically derived from the Unix timestamp at which rclone was started. Because `math/rand` is seeded with `time.Now().Unix()` (one-second granularity), the effective entropy is drastically reduced — only about 38 million possible passwords per length [ref_id=2]. This makes brute-force decryption of data encrypted with the `crypt` backend feasible [CWE-331][CWE-338].
Affected code
The vulnerability was introduced in commit `193c30d` when `random.Password` was factored into `lib/random`. In that refactor, `crypto/rand` was accidentally replaced with `math/rand`, affecting password generation in `fs/config/config.go`, `fs/rc/rcserver/rcserver.go`, and `lib/oauthutil/oauthutil.go`. The seed was initialized in `cmd/cmd.go` using `rand.Seed(time.Now().Unix())`, which only changes once per second.
What the fix does
The patch replaces `math/rand` with `crypto/rand` in the `random.Password` function, restoring cryptographically strong randomness. The advisory notes that all passwords generated by rclone 1.49.0 through 1.53.2 should be changed [ref_id=2]. No further code-level fix details are present in the bundle beyond the identification of the accidental `crypto/rand` → `math/rand` substitution.
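To make the root cause concrete, the following is an added Go illustration written for this page; it is not rclone's code and not the fix commit. It places a `math/rand` generator seeded with a one-second Unix timestamp beside a `crypto/rand` generator, so the reader can see why the first reproduces the same password for the same startup second and why its entropy is bounded by the number of seconds in the window, while the second does not. The byte count and base64url encoding are assumptions chosen to resemble a generic password generator, and the function names (`WeakPassword`, `StrongPassword`, `IsDeterministic`, `DistinctOverWindow`) are hypothetical.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
	"time"
)

// bytesFor returns the number of random bytes needed for the requested bit count.
func bytesFor(bits int) int {
	n := bits / 8
	if bits%8 != 0 {
		n++
	}
	return n
}

// WeakPassword models the vulnerable shape described in the advisory:
// math/rand seeded with a one-second Unix timestamp. Same seed, same password.
// (Hypothetical illustration, not rclone's random.Password.)
func WeakPassword(seed int64, bits int) string {
	r := mrand.New(mrand.NewSource(seed))
	pw := make([]byte, bytesFor(bits))
	for i := range pw {
		pw[i] = byte(r.Intn(256)) // every byte is a pure function of the seed
	}
	return base64.RawURLEncoding.EncodeToString(pw)
}

// StrongPassword is the corrected form: bytes come from the OS CSPRNG via
// crypto/rand, so no seed exists for anyone to reconstruct.
func StrongPassword(bits int) (string, error) {
	pw := make([]byte, bytesFor(bits))
	if _, err := crand.Read(pw); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(pw), nil
}

// IsDeterministic reports whether the weak generator repeats itself for the
// same startup second, which is exactly the defect the advisory describes.
func IsDeterministic(seed int64, bits int) bool {
	return WeakPassword(seed, bits) == WeakPassword(seed, bits)
}

// DistinctOverWindow counts how many distinct weak passwords a window of
// `seconds` consecutive startup seconds can produce. The answer is at most
// `seconds`: the effective key space is the seed space, not 2^bits.
func DistinctOverWindow(startSeed int64, seconds int, bits int) int {
	seen := make(map[string]struct{}, seconds)
	for s := int64(0); s < int64(seconds); s++ {
		seen[WeakPassword(startSeed+s, bits)] = struct{}{}
	}
	return len(seen)
}

func main() {
	start := time.Now().Unix()
	fmt.Println("weak   :", WeakPassword(start, 128))
	fmt.Println("weak   :", WeakPassword(start, 128), "(identical: same seed)")
	fmt.Println("weak passwords reachable from 3600 startup seconds:",
		DistinctOverWindow(start, 3600, 128))
	s, err := StrongPassword(128)
	if err != nil {
		panic(err)
	}
	fmt.Println("strong :", s)
}
```

The point for a reviewer auditing similar code: a 128-bit request yields 22 base64url characters in both cases, so the output looks equally strong; only the source of the bytes differs. Checking that password-generation paths import `crypto/rand` rather than `math/rand` is a cheap, mechanical review or lint step.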
Preconditions
- config: The victim must have used rclone 1.49.0 through 1.53.2 to generate a password via `rclone config` (or the web UI) that is subsequently used to protect data (e.g., with the `crypt` backend).
- input: The attacker must know or be able to approximate the time window when rclone was started, or be willing to brute-force the ~38 million possible passwords per length.
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-rmw5-xpg9-jr29 (GHSA; advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD/ (MITRE; vendor advisory; x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2020-28924 (GHSA; advisory)
- security.gentoo.org/glsa/202107-14 (GHSA; vendor advisory; x_refsource_GENTOO; web)
- github.com/rclone/rclone/issues/4783 (GHSA; x_refsource_MISC; web)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD (GHSA; web)
- rclone.org/downloads/ (MITRE; x_refsource_MISC)