CVE-2013-4442

Опубликовано: 19 дек. 2014

Источник: debian

Описание

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pwgen	fixed	2.07-1		package

Примечания

/dev/random is universally available, if an attacker can create an environment
where it's not available that opens a far bigger can of worms

Связанные уязвимости

CVE-2013-4442

ubuntu

около 11 лет назад

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-4442

nvd

около 11 лет назад

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

GHSA-gfx4-cf3g-8q5m

github

больше 3 лет назад

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.