Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2022-23472 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Passeo Project Passeo
Passeo is an open source python password generator.
network
low complexity
passeo-project CWE-338
7.5
7.5
2022-12-05 CVE-2022-35255 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc.
network
low complexity
nodejs siemens debian CWE-338
critical
 9.1
9.1
2022-11-07 CVE-2022-44796 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Objectfirst Object First 1.0.7.712
An issue was discovered in Object First Ootbi BETA build 1.0.7.712.
network
low complexity
objectfirst CWE-338
critical
 9.8
9.8
2022-10-11 CVE-2022-41210 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in SAP Customer Data Cloud 7.4
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers.
low complexity
sap CWE-338
5.2
5.2
2022-07-06 CVE-2022-33738 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Openvpn Access Server
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal
network
low complexity
openvpn CWE-338
5.0
5.0
2022-06-15 CVE-2022-20817 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.
network
high complexity
cisco CWE-338
7.4
7.4
2022-05-31 CVE-2022-29245 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ssh.Net Project Ssh.Net 2020.0.0/2020.0.1
SSH.NET is a Secure Shell (SSH) library for .NET.
network
high complexity
ssh-net-project CWE-338
5.9
5.9
2022-04-11 CVE-2022-0828 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wpdownloadmanager Wordpress Download Manager
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
network
low complexity
wpdownloadmanager CWE-338
7.5
7.5
2022-03-15 CVE-2022-26779 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens.
network
high complexity
apache CWE-338
4.6
4.6
2022-03-01 CVE-2021-36171 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Fortinet Fortiportal
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
network
fortinet CWE-338
6.8
6.8