Vulnerabilities > Insufficient Entropy

DATE CVE VULNERABILITY TITLE RISK
2020-06-19 CVE-2017-18883 Insufficient Entropy vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider.
6.4
2020-06-09 CVE-2020-11957 Insufficient Entropy vulnerability in Cypress Psoc 4.2 BLE
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing.
5.4
2020-05-08 CVE-2020-12735 Insufficient Entropy vulnerability in Domainmod 4.13.0
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
network
low complexity
domainmod CWE-331
7.5
2020-03-27 CVE-2020-1773 Insufficient Entropy vulnerability in Otrs
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords.
network
low complexity
otrs CWE-331
5.5
2020-02-28 CVE-2015-3006 Insufficient Entropy vulnerability in Juniper Junos
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates.
network
low complexity
juniper CWE-331
6.8
2020-02-28 CVE-2019-10064 Insufficient Entropy vulnerability in W1.Fi Hostapd
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values.
network
low complexity
w1-fi CWE-331
5.0
2020-01-30 CVE-2015-8851 Insufficient Entropy vulnerability in Node-Uuid Project Node-Uuid
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.
network
low complexity
node-uuid-project CWE-331
5.0
2019-11-04 CVE-2013-2260 Insufficient Entropy vulnerability in Cryptocat Project Cryptocat
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
network
low complexity
cryptocat-project CWE-331
5.0
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet Fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
network
high complexity
fortinet CWE-331
2.6
2019-09-02 CVE-2019-15847 Insufficient Entropy vulnerability in GNU GCC
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator.
network
low complexity
gnu CWE-331
5.0