CWE-340
Generation of Predictable Numbers or Identifiers
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
CVE-2020-1905 (GCVE-0-2020-1905)
Vulnerability from cvelistv5
Published
2020-10-06 17:35
Modified
2024-08-04 06:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Summary
Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
WhatsApp for Android |
Version: 2.20.185 Version: unspecified < 2.20.185 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:53:59.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.whatsapp.com/security/advisories/2020/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WhatsApp for Android", "vendor": "Facebook", "versions": [ { "status": "affected", "version": "2.20.185" }, { "lessThan": "2.20.185", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2020-10-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340: Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-06T17:35:26", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.whatsapp.com/security/advisories/2020/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2020-10-06", "ID": "CVE-2020-1905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WhatsApp for Android", "version": { "version_data": [ { "version_affected": "!=\u003e", "version_value": "2.20.185" }, { "version_affected": "\u003c", "version_value": "2.20.185" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-340: Generation of Predictable Numbers or Identifiers" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.whatsapp.com/security/advisories/2020/", "refsource": "CONFIRM", "url": "https://www.whatsapp.com/security/advisories/2020/" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2020-1905", "datePublished": "2020-10-06T17:35:26", "dateReserved": "2019-12-02T00:00:00", "dateUpdated": "2024-08-04T06:53:59.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29480 (GCVE-0-2021-29480)
Vulnerability from cvelistv5
Published
2021-06-29 18:15
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Summary
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation's recommendation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:05.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ratpack", "vendor": "ratpack", "versions": [ { "status": "affected", "version": "\u003c 1.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation\u0027s recommendation." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340: Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-29T18:15:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29" } ], "source": { "advisory": "GHSA-2cc5-23r7-vc4v", "discovery": "UNKNOWN" }, "title": "Default client side session signing key is highly predictable", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29480", "STATE": "PUBLIC", "TITLE": "Default client side session signing key is highly predictable" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ratpack", "version": { "version_data": [ { "version_value": "\u003c 1.9.0" } ] } } ] }, "vendor_name": "ratpack" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation\u0027s recommendation." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-340: Generation of Predictable Numbers or Identifiers" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v", "refsource": "CONFIRM", "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v" }, { "name": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29", "refsource": "MISC", "url": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29" } ] }, "source": { "advisory": "GHSA-2cc5-23r7-vc4v", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-29480", "datePublished": "2021-06-29T18:15:12", "dateReserved": "2021-03-30T00:00:00", "dateUpdated": "2024-08-03T22:11:05.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-10603 (GCVE-0-2024-10603)
Vulnerability from cvelistv5
Published
2025-01-30 19:14
Modified
2025-02-24 11:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-10603", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T20:31:35.677086Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T20:31:46.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "gVisor", "vendor": "Google", "versions": [ { "status": "unaffected", "version": "release-20241028.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Amit Klein (Hebrew University of Jerusalem)" }, { "lang": "en", "type": "finder", "value": "Inon Kaplan (Independent researcher)" }, { "lang": "en", "type": "finder", "value": "Ron Even (Independent researcher)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Weaknesses in the generation of TCP/UDP source ports and some other header values in Google\u0027s gVisor allowed them to be predicted by an external attacker in some circumstances. \u0026nbsp;\u003cbr\u003e" } ], "value": "Weaknesses in the generation of TCP/UDP source ports and some other header values in Google\u0027s gVisor allowed them to be predicted by an external attacker in some circumstances." } ], "impacts": [ { "capecId": "CAPEC-112", "descriptions": [ { "lang": "en", "value": "CAPEC-112 Brute Force" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-24T11:59:44.637Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2" }, { "url": "https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52" }, { "url": "https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205" }, { "url": "https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2024-10603", "datePublished": "2025-01-30T19:14:38.619Z", "dateReserved": "2024-10-31T15:32:48.245Z", "dateUpdated": "2025-02-24T11:59:44.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12034 (GCVE-0-2024-12034)
Vulnerability from cvelistv5
Published
2024-12-24 05:23
Modified
2024-12-24 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Summary
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
webfactory | Advanced Google reCAPTCHA |
Version: * ≤ 1.25 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12034", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-24T16:36:05.377482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-24T16:48:22.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Advanced Google reCAPTCHA", "vendor": "webfactory", "versions": [ { "lessThanOrEqual": "1.25", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Max Boll" } ], "descriptions": [ { "lang": "en", "value": "The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts" } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340 Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-24T05:23:42.564Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=cve" }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3208704%40advanced-google-recaptcha\u0026new=3208704%40advanced-google-recaptcha\u0026sfp_email=\u0026sfph_mail=" } ], "timeline": [ { "lang": "en", "time": "2024-12-23T00:00:00.000+00:00", "value": "Disclosed" } ], "title": "Advanced Google reCAPTCHA \u003c= 1.25 - Brute Force Protection IP Unblock" } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-12034", "datePublished": "2024-12-24T05:23:42.564Z", "dateReserved": "2024-12-02T16:32:30.112Z", "dateUpdated": "2024-12-24T16:48:22.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-47945 (GCVE-0-2024-47945)
Vulnerability from cvelistv5
Published
2024-10-15 10:05
Modified
2024-10-15 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Summary
The devices are vulnerable to session hijacking due to insufficient
entropy in its session ID generation algorithm. The session IDs are
predictable, with only 32,768 possible values per user, which allows
attackers to pre-generate valid session IDs, leading to unauthorized
access to user sessions. This is not only due to the use of an
(insecure) rand() function call but also because of missing
initialization via srand(). As a result only the PIDs are effectively
used as seed.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
RITTAL GmbH & Co. KG | IoT Interface & CMC III Processing Unit |
Version: <6.21.00.2 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:rittal_gmbh_and_co.kg:iot_interface_and_cmc_iii_processing_unit:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iot_interface_and_cmc_iii_processing_unit", "vendor": "rittal_gmbh_and_co.kg", "versions": [ { "lessThan": "6.21.00.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-47945", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T16:01:41.582783Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T16:03:59.248Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "IoT Interface \u0026 CMC III Processing Unit", "vendor": "RITTAL GmbH \u0026 Co. KG", "versions": [ { "status": "affected", "version": "\u003c6.21.00.2" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Johannes Kruchem, SEC Consult Vulnerability Lab" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe devices are vulnerable to session hijacking due to insufficient \nentropy in its session ID generation algorithm. The session IDs are \npredictable, with only 32,768 possible values per user, which allows \nattackers to pre-generate valid session IDs, leading to unauthorized \naccess to user sessions. This is not only due to the use of an \n(insecure) rand() function call but also because of missing \ninitialization via srand(). As a result only the PIDs are effectively \nused as seed.\u003c/p\u003e\u003cbr\u003e" } ], "value": "The devices are vulnerable to session hijacking due to insufficient \nentropy in its session ID generation algorithm. The session IDs are \npredictable, with only 32,768 possible values per user, which allows \nattackers to pre-generate valid session IDs, leading to unauthorized \naccess to user sessions. This is not only due to the use of an \n(insecure) rand() function call but also because of missing \ninitialization via srand(). As a result only the PIDs are effectively \nused as seed." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SEC Consult has published proof of concept code for this vulnerability." } ], "value": "SEC Consult has published proof of concept code for this vulnerability." } ], "impacts": [ { "capecId": "CAPEC-59", "descriptions": [ { "lang": "en", "value": "CAPEC-59 Session Credential Falsification through Prediction" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340: Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T10:05:58.333Z", "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://r.sec-consult.com/rittaliot" }, { "tags": [ "patch" ], "url": "https://www.rittal.com/de-de/products/deep/3124300" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe vendor provides a patched version V6.21.00.2 which can be downloaded from the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rittal.com/de-de/products/deep/3124300\"\u003ewww.rittal.com/de-de/products/deep/3124300\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e" } ], "value": "The vendor provides a patched version V6.21.00.2 which can be downloaded from the following URL:\u00a0 www.rittal.com/de-de/products/deep/3124300 https://www.rittal.com/de-de/products/deep/3124300" } ], "source": { "discovery": "UNKNOWN" }, "title": "Predictable Session ID", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "assignerShortName": "SEC-VLab", "cveId": "CVE-2024-47945", "datePublished": "2024-10-15T10:05:58.333Z", "dateReserved": "2024-10-07T13:39:52.543Z", "dateUpdated": "2024-10-15T16:03:59.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52299 (GCVE-0-2024-52299)
Vulnerability from cvelistv5
Published
2024-11-13 15:29
Modified
2024-11-14 13:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Summary
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
xwikisas | macro-pdfviewer |
Version: >= 1.6.2, < 2.5.6 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwikisas:macro_pdfviewer:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macro_pdfviewer", "vendor": "xwikisas", "versions": [ { "lessThanOrEqual": "1.6.2", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.5.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-52299", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T13:57:59.924545Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T13:58:59.615Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "macro-pdfviewer", "vendor": "xwikisas", "versions": [ { "status": "affected", "version": "\u003e= 1.6.2, \u003c 2.5.6" } ] } ], "descriptions": [ { "lang": "en", "value": "macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the \"key\" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn\u0027t update the digest. This is fixed in 2.5.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340: Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:29:07.107Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-522m-m242-jr9p", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-522m-m242-jr9p" } ], "source": { "advisory": "GHSA-522m-m242-jr9p", "discovery": "UNKNOWN" }, "title": "The PDF viewer macro allows accessing any attachment without access right checks" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-52299", "datePublished": "2024-11-13T15:29:07.107Z", "dateReserved": "2024-11-06T19:00:26.395Z", "dateUpdated": "2024-11-14T13:58:59.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-7558 (GCVE-0-2024-7558)
Vulnerability from cvelistv5
Published
2024-10-02 10:06
Modified
2024-10-02 13:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Canonical Ltd. | Juju |
Version: 3.5 ≤ Version: 3.4 ≤ Version: 3.3 ≤ Version: 3.1 ≤ Version: 2.9 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7558", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T13:58:28.823188Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T13:59:04.171Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "packageName": "juju", "platforms": [ "Linux" ], "product": "Juju", "repo": "https://github.com/juju/juju", "vendor": "Canonical Ltd.", "versions": [ { "lessThan": "3.5.4", "status": "affected", "version": "3.5", "versionType": "semver" }, { "lessThan": "3.4.6", "status": "affected", "version": "3.4", "versionType": "semver" }, { "lessThan": "3.3.7", "status": "affected", "version": "3.3", "versionType": "semver" }, { "lessThan": "3.1.10", "status": "affected", "version": "3.1", "versionType": "semver" }, { "lessThan": "2.9.51", "status": "affected", "version": "2.9", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Harry Pidcock" }, { "lang": "en", "type": "remediation developer", "value": "Harry Pidcock" }, { "lang": "en", "type": "coordinator", "value": "Mark Esler" } ], "descriptions": [ { "lang": "en", "value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-337", "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340: Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1391", "description": "CWE-1391: Use of Weak Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-02T10:06:31.098Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4" }, { "tags": [ "issue-tracking" ], "url": "https://www.cve.org/CVERecord?id=CVE-2024-7558" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2024-7558", "datePublished": "2024-10-02T10:06:31.098Z", "dateReserved": "2024-08-06T13:45:13.579Z", "dateUpdated": "2024-10-02T13:59:04.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0218 (GCVE-0-2025-0218)
Vulnerability from cvelistv5
Published
2025-01-07 19:18
Modified
2025-01-08 17:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-340 - Generation of Predictable Numbers or Identifiers
Summary
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0218", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-07T20:58:35.591893Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-07T20:58:49.396Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "pgAgent", "vendor": "n/a", "versions": [ { "lessThan": "4.2.3", "status": "affected", "version": "4", "versionType": "rpm" } ] } ], "configurations": [ { "lang": "en", "value": "attacker has permission to write to the system temporary directory" } ], "credits": [ { "lang": "en", "value": "The pgAdmin project thanks Wolfgang Frisch from SUSE for reporting this problem." } ], "descriptions": [ { "lang": "en", "value": "When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-08T17:56:00.784Z", "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL" }, "references": [ { "url": "https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c" } ], "title": "pgAgent scheduled batch job scripts are created in a predictable temporary directory potentially allowing a denial of service", "workarounds": [ { "lang": "en", "value": "None." } ] } }, "cveMetadata": { "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "assignerShortName": "PostgreSQL", "cveId": "CVE-2025-0218", "datePublished": "2025-01-07T19:18:02.865Z", "dateReserved": "2025-01-04T02:53:10.494Z", "dateUpdated": "2025-01-08T17:56:00.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-40918 (GCVE-0-2025-40918)
Vulnerability from cvelistv5
Published
2025-07-16 14:00
Modified
2025-08-07 09:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation
depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
EHUELS | Authen::SASL::Perl::DIGEST_MD5 |
Version: 2.04 < |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-40918", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-16T20:48:38.205622Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-16T20:48:52.853Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Authen-SASL", "product": "Authen::SASL::Perl::DIGEST_MD5", "programFiles": [ "DIGEST_MD5.pm" ], "repo": "https://github.com/gbarr/perl-authen-sasl", "vendor": "EHUELS", "versions": [ { "lessThanOrEqual": "2.1800", "status": "affected", "version": "2.04", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eAuthen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.\u003c/div\u003e\u003cdiv\u003eThe cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\u003c/div\u003e\u003cdiv\u003eAccording to RFC 2831, \u003cq\u003eThe cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation\n depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\u003c/q\u003e\u003c/div\u003e" } ], "value": "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.\n\nThe cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nAccording to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation\n depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340 Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" }, { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-07T09:08:47.396Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "url": "https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/changes" }, { "url": "https://metacpan.org/dist/Authen-SASL/source/lib/Authen/SASL/Perl/DIGEST_MD5.pm#L263" }, { "url": "https://datatracker.ietf.org/doc/html/rfc2831" }, { "tags": [ "patch" ], "url": "https://security.metacpan.org/patches/A/Authen-SASL/2.1800/CVE-2025-40918-r1.patch" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/gbarr/perl-authen-sasl/pull/22" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eUsers should upgrade to version 2.1900 or later.\u003c/div\u003e" } ], "value": "Users should upgrade to version 2.1900 or later." } ], "source": { "discovery": "UNKNOWN" }, "title": "Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2025-40918", "datePublished": "2025-07-16T14:00:12.777Z", "dateReserved": "2025-04-16T09:05:34.361Z", "dateUpdated": "2025-08-07T09:08:47.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-40919 (GCVE-0-2025-40919)
Vulnerability from cvelistv5
Published
2025-07-16 14:04
Modified
2025-07-16 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.
The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
According to RFC 2831, "The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy."
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SALVA | Authen::DigestMD5 |
Version: 0.01 < |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-40919", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-16T20:49:09.619470Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-16T20:49:26.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Authen-DigestMD5", "product": "Authen::DigestMD5", "programFiles": [ "DigestMD5.pm" ], "vendor": "SALVA", "versions": [ { "lessThanOrEqual": "0.04", "status": "affected", "version": "0.01", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eAuthen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.\u003c/div\u003e\u003cdiv\u003eThe cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\u003c/div\u003e\u003cdiv\u003eAccording to RFC 2831, \u003cq\u003eThe cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation\n depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\u003c/q\u003e\u003c/div\u003e" } ], "value": "Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely.\n\nThe cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nAccording to RFC 2831, \"The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy.\"" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-340", "description": "CWE-340 Generation of Predictable Numbers or Identifiers", "lang": "en", "type": "CWE" }, { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-16T14:04:09.443Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "url": "https://metacpan.org/release/SALVA/Authen-DigestMD5-0.01/source/DigestMD5.pm#L126" }, { "url": "https://datatracker.ietf.org/doc/html/rfc2831" } ], "source": { "discovery": "UNKNOWN" }, "title": "Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2025-40919", "datePublished": "2025-07-16T14:04:09.443Z", "dateReserved": "2025-04-16T09:05:34.362Z", "dateUpdated": "2025-07-16T20:49:26.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.