Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-23 | CVE-2019-10754 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apereo Central Authentication Service. Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable because the RandomStringUtils PRNG's algorithm is not cryptographically strong. | 5.5 |
2019-09-14 | CVE-2019-16303 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in JHipster. A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). | 9.8 |
2019-05-28 | CVE-2019-5440 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver. Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. | 6.8 |
2019-05-09 | CVE-2019-11842 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse. An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. | 5.0 |
2019-05-07 | CVE-2019-11808 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ratpack Project Ratpack. Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. | 4.3 |
2018-11-13 | CVE-2018-15795 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2. Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. | 5.5 |
2018-10-23 | CVE-2018-17968 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ruletkaio. A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. | 5.0 |
2018-10-23 | CVE-2018-17877 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Greedy599 Greedy 599. A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. | 5.0 |
2018-09-24 | CVE-2018-12975 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptosaga. The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). | 7.5 |
2018-09-20 | CVE-2018-5871 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products. In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected. | 3.3 |