Vulnerabilities > CVE-2015-7764 - Insufficient Entropy vulnerability in Netflix Lemur 0.1.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
netflix
CWE-331

Summary

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

Vulnerable Configurations

Part Description Count
Application
Netflix
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.