Описание
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.12.0 (включая)
cpe:2.3:a:hashicorp:terraform:*:*:*:*:*:aws:*:*
EPSS
Процентиль: 62%
0.00437
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-332
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG
EPSS
Процентиль: 62%
0.00437
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-332