Vulnerabilities > Insufficient Entropy

DATE CVE VULNERABILITY TITLE RISK
2018-07-09 CVE-2018-1000620 Insufficient Entropy vulnerability in Cryptiles Project Cryptiles 4.1.1
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method that makes it more likely that an attacker can brute force something that was supposed to be random.
network
low complexity
cryptiles-project CWE-331
5.0
2018-05-16 CVE-2018-10240 Insufficient Entropy vulnerability in SolarWinds Serv-U 15.1.6
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie.
network
low complexity
solarwinds CWE-331
5.0
2018-04-12 CVE-2014-8422 Insufficient Entropy vulnerability in Unify OpenScape Desk Phone IP SIP and OpenStage SIP
The web-based management (WBM) interface in Unify (formerly Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
network
unify CWE-331
6.8
2017-10-24 CVE-2014-0691 Insufficient Entropy vulnerability in Cisco WebEx Meetings Server 1.0
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.
network
low complexity
cisco CWE-331
5.0
2017-10-05 CVE-2017-13992 Insufficient Entropy vulnerability in LOYTEC LVIS-3ME Firmware
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0.
network
loytec CWE-331
6.8
2017-08-09 CVE-2015-7764 Insufficient Entropy vulnerability in Netflix Lemur 0.1.4
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting with AES in CBC mode.
network
low complexity
netflix CWE-331
5.0
2017-08-09 CVE-2015-3405 Insufficient Entropy vulnerability in multiple products
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
7.5
2017-06-30 CVE-2017-6030 Insufficient Entropy vulnerability in Schneider-Electric products
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11.
network
low complexity
schneider-electric CWE-331
6.4
2017-06-22 CVE-2017-0897 Insufficient Entropy vulnerability in ExpressionEngine
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy.
network
low complexity
expressionengine CWE-331
5.0
2017-04-23 CVE-2016-2564 Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag.
network
high complexity
invisioncommunity CWE-331
5.9