7.8
CVE-2011-0766
- EPSS 3.05%
- Veröffentlicht 31.05.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:28:01
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.05% | 0.858 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
http://secunia.com/advisories/44709
http://www.kb.cert.org/vuls/id/178990
http://www.securityfocus.com/bid/47980
https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5