Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-04 | CVE-2017-16028 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Randomatic Project Randomatic react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. | 5.3 |
| 2018-01-05 | CVE-2017-18021 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qtpass It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. | 9.8 |
| 2017-12-27 | CVE-2017-17845 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.3 |
| 2017-07-26 | CVE-2017-11671 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. | 4.0 |
| 2017-05-24 | CVE-2017-9230 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Bitcoin The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. | 7.5 |
| 2017-04-30 | CVE-2017-8081 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cagintranetworks Getsimple CMS 3.3.13 Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. | 8.8 |
| 2017-01-15 | CVE-2017-5493 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wordpress wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | 7.5 |
| 2009-09-21 | CVE-2009-3278 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | 5.5 |
| 2009-09-18 | CVE-2009-3238 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." | 5.5 |
| 2009-07-08 | CVE-2009-2367 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Iomega Storcenter PRO Firmware cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter. | 9.8 |