CVE-2018-1000620

CRITICAL Year: 2018
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-331
View all →

Vulnerability Description

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Related Vulnerabilities

CVE-2008-2108

CRITICAL
CVSS:9.8(Critical)

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insuffici...

CWE-3312008

CVE-2013-2260

CRITICAL
CVSS:9.8(Critical)

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

CWE-3312013

CVE-2020-12735

CRITICAL
CVSS:9.8(Critical)

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

CWE-3312020

CVE-2020-29508

CRITICAL
CVSS:9.8(Critical)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

CWE-3312020

CVE-2021-22727

CRITICAL
CVSS:9.8(Critical)

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and...

CWE-3312021

CVE-2021-33027

CRITICAL
CVSS:9.8(Critical)

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.

CWE-3312021