Vulnerabilities > Insufficient Entropy

DATE CVE VULNERABILITY TITLE RISK
2021-04-19 CVE-2021-3505 Insufficient Entropy vulnerability in multiple products
A flaw was found in libtpms in versions before 0.8.0.
5.5
2020-07-15 CVE-2020-10285 Insufficient Entropy vulnerability in Ufactory Xarm 5 Lite Firmware 1.5.0
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack.
network
low complexity
ufactory CWE-331
7.5
2020-06-19 CVE-2017-18883 Insufficient Entropy vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider.
6.4
2020-06-09 CVE-2020-11957 Insufficient Entropy vulnerability in Cypress Psoc 4.2 BLE
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing.
5.4
2020-05-08 CVE-2020-12735 Insufficient Entropy vulnerability in Domainmod 4.13.0
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
network
low complexity
domainmod CWE-331
7.5
2020-03-27 CVE-2020-1773 Insufficient Entropy vulnerability in Otrs
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords.
network
low complexity
otrs CWE-331
8.1
2020-02-28 CVE-2015-3006 Insufficient Entropy vulnerability in Juniper Junos
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates.
network
low complexity
juniper CWE-331
6.8
2020-02-28 CVE-2019-10064 Insufficient Entropy vulnerability in multiple products
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values.
network
low complexity
w1-fi debian CWE-331
5.0
2020-01-30 CVE-2015-8851 Insufficient Entropy vulnerability in Node-Uuid Project Node-Uuid
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.
network
low complexity
node-uuid-project CWE-331
5.0
2019-11-04 CVE-2013-2260 Insufficient Entropy vulnerability in Cryptocat Project Cryptocat
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
network
low complexity
cryptocat-project CWE-331
5.0