Latest Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2020-28924 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Rclone
An issue was discovered in Rclone before 1.53.3.
network
low complexity
rclone CWE-338
5.0
2020-11-16 CVE-2020-28642 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Infinitewp 2.4.2/2.4.3
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
network
low complexity
infinitewp CWE-338
7.5
2020-06-03 CVE-2020-13784 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Dlink Dir-865L Firmware 1.20B01
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
network
low complexity
dlink CWE-338
5.0
2020-05-08 CVE-2020-6616 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Google Android
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing.
low complexity
google CWE-338
3.3
2020-03-20 CVE-2019-15075 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Inextrix Astpp
An issue was discovered in iNextrix ASTPP before 4.0.1.
network
low complexity
inextrix CWE-338
5.0
2019-12-13 CVE-2019-19794 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Miekg-Dns Project Miekg-Dns
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used.
4.3
2019-11-05 CVE-2019-8113 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Magento
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
network
low complexity
magento CWE-338
5.0
2019-10-31 CVE-2012-6124 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Call-Cc Chicken
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value.
network
low complexity
call-cc CWE-338
5.0
2019-09-26 CVE-2015-9435 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Dash10 Oauth Server
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
network
low complexity
dash10 CWE-338
7.5
2019-09-23 CVE-2019-10755 USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in Pac4J
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
network
low complexity
pac4j CWE-338
4.0