Vulnerabilities > Insufficient Entropy in PRNG

DATE CVE VULNERABILITY TITLE RISK
2019-08-09 CVE-2017-18486 Insufficient Entropy in PRNG vulnerability in Jitbit Helpdesk
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter.
network
low complexity
jitbit CWE-332
7.2
2019-05-03 CVE-2019-1715 Insufficient Entropy in PRNG vulnerability in Cisco products
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device.
network
low complexity
cisco CWE-332
7.5
2019-03-23 CVE-2016-10743 Insufficient Entropy in PRNG vulnerability in W1.Fi Hostapd
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
network
low complexity
w1-fi CWE-332
7.5
2018-03-27 CVE-2018-9057 Insufficient Entropy in PRNG vulnerability in Hashicorp Terraform
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
network
low complexity
hashicorp CWE-332
critical
9.8
2017-11-14 CVE-2017-9371 Insufficient Entropy in PRNG vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.
network
high complexity
blackberry CWE-332
5.9
2017-04-02 CVE-2014-9690 Insufficient Entropy in PRNG vulnerability in Huawei Ws318 Firmware V100R001C01B022
Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough.
network
low complexity
huawei CWE-332
7.5
2016-12-23 CVE-2016-9154 Insufficient Entropy in PRNG vulnerability in Siemens products
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.
network
low complexity
siemens CWE-332
7.5