CWE-331

Insufficient Entropy

Abstraction: Base; Status: Draft

Description

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-59

CVEs mapped to this weakness (72)

page 4 of 4
  • CVE-2021-4238 (Dec 27, 2022)
    risk 0.00 | cvss n/a | epss 0.01

    Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short…

  • CVE-2021-4240 (Nov 15, 2022)
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been…

  • CVE-2021-4241 (Nov 15, 2022)
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to…

  • CVE-2022-31034 (Jun 27, 2022)
    risk 0.00 | cvss n/a | epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently…

  • CVE-2021-29471 (May 11, 2021)
    risk 0.00 | cvss n/a | epss 0.02

    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including…

  • CVE-2020-28924 (Nov 19, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was…

  • CVE-2017-18883 (Jun 19, 2020)
    risk 0.00 | cvss n/a | epss 0.01

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

  • CVE-2015-8851 (Jan 30, 2020)
    risk 0.00 | cvss n/a | epss 0.02

    node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

  • CVE-2019-14806 (Aug 9, 2019)
    risk 0.00 | cvss n/a | epss 0.02

    Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

  • CVE-2017-2626 (Med, Jul 27, 2018)
    risk 0.00 | cvss 5.2 | epss 0.00

    It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

  • CVE-2017-2625 (Med, Jul 27, 2018)
    risk 0.00 | cvss 6.5 | epss 0.01

    It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users'…

  • CVE-2012-4687 (Dec 8, 2012)
    risk 0.00 | cvss n/a | epss 0.01

    Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.