CVE-2021-41615

CRITICAL Year: 2021
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-331
View all →

Vulnerability Description

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected.

Related Vulnerabilities

CVE-2008-2108

CRITICAL
CVSS:9.8(Critical)

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insuffici...

CWE-3312008

CVE-2013-2260

CRITICAL
CVSS:9.8(Critical)

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

CWE-3312013

CVE-2018-1000620

CRITICAL
CVSS:9.8(Critical)

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force some...

CWE-3312018

CVE-2020-12735

CRITICAL
CVSS:9.8(Critical)

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

CWE-3312020

CVE-2020-29508

CRITICAL
CVSS:9.8(Critical)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

CWE-3312020

CVE-2021-22727

CRITICAL
CVSS:9.8(Critical)

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and...

CWE-3312021