Vulnerabilities > CVE-2018-15795 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |