CVE-2021-4238

CRITICAL Year: 2021
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-331
View all →

Vulnerability Description

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

Related Vulnerabilities

CVE-2017-18883

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

CWE-3312017

CVE-2024-3411

CRITICAL
CVSS:9.1(Critical)

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random N...

CWE-3312024

CVE-2022-37401

HIGH
CVSS:8.8(High)

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw i...

CWE-3312022

CVE-2008-2108

CRITICAL
CVSS:9.8(Critical)

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insuffici...

CWE-3312008

CVE-2013-2260

CRITICAL
CVSS:9.8(Critical)

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

CWE-3312013

CVE-2018-1000620

CRITICAL
CVSS:9.8(Critical)

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force some...

CWE-3312018