Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-45723 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna
The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys.
low complexity
gotenna CWE-338
6.5
6.5
2024-09-26 CVE-2024-47126 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Gotenna PRO
The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys.
low complexity
gotenna CWE-338
8.8
8.8
2024-05-23 CVE-2024-5264 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Luna EFT 2.1
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis
network
low complexity
thalesgroup CWE-338
6.5
6.5
2024-04-15 CVE-2024-31497 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. 		5.9
5.9
2024-02-08 CVE-2024-23660 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Binance Trust Wallet 0.0.4
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023.
network
low complexity
binance CWE-338
7.5
7.5
2024-01-16 CVE-2023-45236 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
network
low complexity
tianocore CWE-338
7.5
7.5
2024-01-16 CVE-2023-45237 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
network
low complexity
tianocore CWE-338
7.5
7.5
2023-11-15 CVE-2023-48224 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ethyca Fides
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code.
network
low complexity
ethyca CWE-338
critical
 9.1
9.1
2023-10-19 CVE-2023-27791 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ixpdata Easyinstall 6.6.148840
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG.
network
high complexity
ixpdata CWE-338
8.1
8.1
2023-10-19 CVE-2022-26943 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Motorola Mtm5400 Firmware and Mtm5500 Firmware
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source.
low complexity
motorola CWE-338
8.8
8.8