Vulnerabilities > Insufficient Entropy

DATE	CVE	VULNERABILITY TITLE	RISK
2008-05-07	CVE-2008-2108	Insufficient Entropy vulnerability in multiple products The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. network low complexity php fedoraproject canonical debian CWE-331 critical	9.8
2001-12-04	CVE-2001-0950	Insufficient Entropy vulnerability in Valicert Enterprise Validation Authority 3.3/4.2.1 ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing. network low complexity valicert CWE-331	7.5

Vulnerabilities > Insufficient Entropy {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Insufficient Entropy"}]}