Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-28642 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Infinitewp 2.4.2/2.4.3 In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. | 9.8 |
| 2020-10-29 | CVE-2020-11616 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | 7.5 |
| 2020-03-30 | CVE-2020-10560 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Opensource-Socialnetwork Open Source Social Network An issue was discovered in Open Source Social Network (OSSN) through 5.3. | 5.9 |
| 2019-12-13 | CVE-2019-19794 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Miekg-Dns Project Miekg-Dns The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. | 5.9 |
| 2019-11-05 | CVE-2019-8113 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. | 5.3 |
| 2019-10-31 | CVE-2012-6124 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Call-Cc Chicken A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. | 5.3 |
| 2019-09-26 | CVE-2015-9435 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dash10 Oauth Server The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers. | 9.8 |
| 2019-09-23 | CVE-2019-10755 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pac4J The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. | 4.9 |
| 2019-09-23 | CVE-2019-10754 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apereo Central Authentication Service Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. | 8.1 |
| 2019-09-14 | CVE-2019-16303 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Jhipster A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). | 9.8 |