Описание
Insufficient Entropy in DotNetNuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Пакеты
Наименование
DotNetNuke.Core
nuget
Затронутые версииВерсия исправления
< 9.3.0
9.3.0
Связанные уязвимости
CVSS3: 7.5
nvd
около 6 лет назад
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.