Vulnerabilities > Insufficient Entropy in PRNG

DATE CVE VULNERABILITY TITLE RISK
2019-08-09 CVE-2017-18486 Insufficient Entropy in PRNG vulnerability in Jitbit Helpdesk
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter.
network
low complexity
jitbit CWE-332
6.5
2019-05-03 CVE-2019-1715 Insufficient Entropy in PRNG vulnerability in Cisco products
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device.
network
low complexity
cisco CWE-332
5.0
2019-03-27 CVE-2019-9860 Insufficient Entropy in PRNG vulnerability in Abus products
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.
network
low complexity
abus CWE-332
5.0
2019-03-23 CVE-2016-10743 Insufficient Entropy in PRNG vulnerability in W1.Fi Hostapd
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
network
low complexity
w1-fi CWE-332
5.0
2019-03-05 CVE-2019-0729 Insufficient Entropy in PRNG vulnerability in Microsoft Java Software Development KIT
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.
network
low complexity
microsoft CWE-332
7.5
2018-03-27 CVE-2018-9057 Insufficient Entropy in PRNG vulnerability in Hashicorp Terraform
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
network
low complexity
hashicorp CWE-332
5.0
2017-11-14 CVE-2017-9371 Insufficient Entropy in PRNG vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.
4.3
2017-04-02 CVE-2014-9690 Insufficient Entropy in PRNG vulnerability in Huawei Ws318 Firmware
Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough.
network
low complexity
huawei CWE-332
5.0
2016-12-23 CVE-2016-9154 Insufficient Entropy in PRNG vulnerability in Siemens products
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.
network
low complexity
siemens CWE-332
5.0
2014-03-24 CVE-2014-0016 Insufficient Entropy in PRNG vulnerability in Stunnel
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
network
stunnel CWE-332
4.3