Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-12056 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in All-For-One ALL for ONE The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. | 7.5 |
| 2018-08-07 | CVE-2018-12885 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Mycryptochamp The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). | 4.3 |
| 2018-08-03 | CVE-2018-14715 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptogs The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. | 7.5 |
| 2018-06-17 | CVE-2018-12454 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in 1000Guess 1000 Guess The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). | 7.5 |
| 2018-06-04 | CVE-2017-16028 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Randomatic Project Randomatic react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. | 5.0 |
| 2018-01-05 | CVE-2017-18021 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qtpass It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. | 5.0 |
| 2017-12-27 | CVE-2017-17845 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.3 |
| 2017-07-26 | CVE-2017-11671 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in GNU GCC Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. | 2.1 |
| 2017-05-24 | CVE-2017-9230 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Bitcoin The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. | 7.5 |
| 2017-04-30 | CVE-2017-8081 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cagintranetworks Getsimple CMS 3.3.13 Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. | 6.8 |