CWE-336
Same Seed in Pseudo-Random Number Generator (PRNG)
A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.
CVE-2021-42810 (GCVE-0-2021-42810)
Vulnerability from cvelistv5 – Published: 2022-01-19 17:12 – Updated: 2024-09-17 01:41
VLAI?
Title
Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escilation to authenticated users
Summary
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
Severity ?
7.8 (High)
CWE
- CWE-336 - Same Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Thales | SafeNet Authentication Service |
Affected:
Remote Desktop Gateway , < 2.0.3
(custom)
|
Credits
Ronnie Salomonsen, Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpl.thalesgroup.com/support/security-updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SafeNet Authentication Service",
"vendor": "Thales",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "Remote Desktop Gateway",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ronnie Salomonsen, Mandiant"
}
],
"datePublic": "2022-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-336",
"description": "CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T18:48:10",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpl.thalesgroup.com/support/security-updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Safenet Authentication Service Remote Desktop Gateway to version 2.0.3 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escilation to authenticated users",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@thalesgroup.com",
"DATE_PUBLIC": "2022-01-19T00:00:00.000Z",
"ID": "CVE-2021-42810",
"STATE": "PUBLIC",
"TITLE": "Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escilation to authenticated users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SafeNet Authentication Service",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Remote Desktop Gateway",
"version_value": "2.0.3"
}
]
}
}
]
},
"vendor_name": "Thales"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ronnie Salomonsen, Mandiant"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpl.thalesgroup.com/support/security-updates",
"refsource": "MISC",
"url": "https://cpl.thalesgroup.com/support/security-updates"
},
{
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md",
"refsource": "MISC",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Safenet Authentication Service Remote Desktop Gateway to version 2.0.3 or newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2021-42810",
"datePublished": "2022-01-19T17:12:02.882172Z",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-09-17T01:41:35.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-24044 (GCVE-0-2026-24044)
Vulnerability from cvelistv5 – Published: 2026-02-12 19:06 – Updated: 2026-02-12 20:05
VLAI?
Title
ESS Community Helm Chart has a weak server key generation method
Summary
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method, allowing network attackers to potentially recreate the same key pair, allowing them to impersonate the victim server. The secret is generated by the secrets initialization hook, in the ESS Community Helm Chart values, if both initSecrets.enabled is not set to false and synapse.signingKey is not defined. Given a server key in Matrix authenticates both requests originating from and events constructed on a given server, this potentially impacts confidentiality, integrity and availability of rooms which have a vulnerable server present as a member. The confidentiality of past conversations in end-to-end encrypted rooms is not impacted. The key generation issue was fixed in matrix-tools 0.5.7, released as part of ESS Community Helm Chart 25.12.1.
Severity ?
CWE
- CWE-336 - Same Seed in Pseudo-Random Number Generator (PRNG)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| element-hq | ess-helm |
Affected:
< 25.12.1
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T20:05:42.483919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T20:05:49.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ess-helm",
"vendor": "element-hq",
"versions": [
{
"status": "affected",
"version": "\u003c 25.12.1"
}
]
},
{
"product": "matrix-tools",
"vendor": "element-hq",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method, allowing network attackers to potentially recreate the same key pair, allowing them to impersonate the victim server. The secret is generated by the secrets initialization hook, in the ESS Community Helm Chart values, if both initSecrets.enabled is not set to false and synapse.signingKey is not defined. Given a server key in Matrix authenticates both requests originating from and events constructed on a given server, this potentially impacts confidentiality, integrity and availability of rooms which have a vulnerable server present as a member. The confidentiality of past conversations in end-to-end encrypted rooms is not impacted. The key generation issue was fixed in matrix-tools 0.5.7, released as part of ESS Community Helm Chart 25.12.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-336",
"description": "CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T19:06:12.998Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/element-hq/ess-helm/security/advisories/GHSA-qwcj-h6m8-vp6q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/element-hq/ess-helm/security/advisories/GHSA-qwcj-h6m8-vp6q"
},
{
"name": "https://github.com/element-hq/ess-helm/blob/main/docs/maintenance.md#fixing-cve-2026-24044elementsec-2025-1670-manually",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/element-hq/ess-helm/blob/main/docs/maintenance.md#fixing-cve-2026-24044elementsec-2025-1670-manually"
},
{
"name": "https://github.com/element-hq/ess-helm/releases/tag/25.12.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/element-hq/ess-helm/releases/tag/25.12.2"
}
],
"source": {
"advisory": "GHSA-qwcj-h6m8-vp6q",
"discovery": "UNKNOWN"
},
"title": "ESS Community Helm Chart has a weak server key generation method"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24044",
"datePublished": "2026-02-12T19:06:12.998Z",
"dateReserved": "2026-01-20T22:30:11.777Z",
"dateUpdated": "2026-02-12T20:05:49.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices.
Mitigation ID: MIT-2
Phases: Architecture and Design, Requirements
Strategy: Libraries or Frameworks
Description:
- Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
No CAPEC attack patterns related to this CWE.