ID CVE-2020-7010
Summary Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed, they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
References
Vulnerable Configurations
  • cpe:2.3:a:elastic:elastic_cloud_on_kubernetes:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-02-2024 - 03:00)
Impact:
Exploitability:
CWE CWE-335
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc https://www.elastic.co/community/security/
Last major update 10-02-2024 - 03:00
Published 03-06-2020 - 18:15
Last modified 10-02-2024 - 03:00