Vulnerabilities > CVE-2020-7010 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Elastic Cloud on Kubernetes

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
elastic
CWE-335

Summary

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.

Vulnerable Configurations

Part Description Count
Application
Elastic
1