Vulnerabilities > Insufficient Entropy
|2020-06-19||CVE-2017-18883|| Insufficient Entropy vulnerability in Mattermost Server |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider.
| 6.4 |
|2020-06-09||CVE-2020-11957|| Insufficient Entropy vulnerability in Cypress Psoc 4.2 BLE |
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing.
| 5.4 |
|2020-05-08||CVE-2020-12735|| Insufficient Entropy vulnerability in Domainmod 4.13.0 |
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
| 7.5 |
|2020-03-27||CVE-2020-1773|| Insufficient Entropy vulnerability in Otrs |
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords.
| 5.5 |
|2020-02-28||CVE-2015-3006|| Insufficient Entropy vulnerability in Juniper Junos |
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates.
| 6.8 |
|2020-02-28||CVE-2019-10064|| Insufficient Entropy vulnerability in W1.Fi Hostapd |
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values.
| 5.0 |
|2020-01-30||CVE-2015-8851|| Insufficient Entropy vulnerability in Node-Uuid Project Node-Uuid |
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.
| 5.0 |
|2019-11-04||CVE-2013-2260|| Insufficient Entropy vulnerability in Cryptocat Project Cryptocat |
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
| 5.0 |
|2019-10-24||CVE-2019-15703|| Insufficient Entropy vulnerability in Fortinet Fortios |
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
| 2.6 |
|2019-09-02||CVE-2019-15847|| Insufficient Entropy vulnerability in GNU GCC |
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator.
| 5.0 |