CVE-2018-1000620

Опубликовано: 09 июл. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Ссылки

https://github.com/hapijs/cryptiles/issues/34
Issue Tracking
Patch
Third Party Advisory
https://github.com/hapijs/cryptiles/issues/35
https://github.com/hapijs/cryptiles/issues/34
Issue Tracking
Patch
Third Party Advisory
https://github.com/hapijs/cryptiles/issues/35

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cryptiles_project:cryptiles:*:*:*:*:*:*:*:*

Версия до 3.1.3 (исключая)

cpe:2.3:a:cryptiles_project:cryptiles:*:*:*:*:*:*:*:*

Версия от 4.1.0 (включая) до 4.1.2 (исключая)

EPSS

Процентиль: 57%

0.00355

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-331

Связанные уязвимости

CVE-2018-1000620

CVSS3: 3.7

redhat

больше 7 лет назад

GHSA-rq8g-5pc5-wrhr