CVE-2018-1000620

EPSS 0.36%
Veröffentlicht 09.07.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:40:14
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cryptiles Project ≫ Cryptiles Version < 3.1.3

Cryptiles Project ≫ Cryptiles Version >= 4.1.0 < 4.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.573

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://github.com/hapijs/cryptiles/issues/34

Patch

Third Party Advisory

Issue Tracking

https://github.com/hapijs/cryptiles/issues/35

https://nvd.nist.gov/vuln/detail/CVE-2018-1000620

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000620

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000620

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-1000620