CVE-2014-0016

MEDIUM Year: 2014
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-332
View all →

Vulnerability Description

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

Related Vulnerabilities

CVE-2018-9057

CRITICAL
CVSS:9.8(Critical)

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remo...

CWE-3322018

CVE-2014-9690

HIGH
CVSS:7.5(High)

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator...

CWE-3322014

CVE-2016-10743

HIGH
CVSS:7.5(High)

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

CWE-3322016

CVE-2016-9154

HIGH
CVSS:7.5(High)

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modul...

CWE-3322016

CVE-2019-1715

HIGH
CVSS:7.5(High)

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threa...

CWE-3322019

CVE-2017-18486

HIGH
CVSS:7.2(High)

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset ...

CWE-3322017