Vulnerabilities > CVE-2019-0729 - Insufficient Entropy in PRNG vulnerability in Microsoft Java Software Development KIT

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
CWE-332

Summary

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Common Weakness Enumeration (CWE)