CVE-2015-3405

HIGH Year: 2015
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-331
View all →

Vulnerability Description

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Related Vulnerabilities

CVE-2001-0950

HIGH
CVSS:7.5(High)

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generat...

CWE-3312001

CVE-2015-7764

HIGH
CVSS:7.5(High)

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

CWE-3312015

CVE-2015-8851

HIGH
CVSS:7.5(High)

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CWE-3312015

CVE-2018-15812

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CWE-3312018

CVE-2018-18326

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15...

CWE-3312018

CVE-2019-10064

HIGH
CVSS:7.5(High)

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic ...

CWE-3312019