CVE-2019-15703

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
2.6
Low
Weakness Type
CWE-331
View all →

Vulnerability Description

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.

Related Vulnerabilities

CVE-2001-0950

HIGH
CVSS:7.5(High)

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generat...

CWE-3312001

CVE-2015-3405

HIGH
CVSS:7.5(High)

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is betwee...

CWE-3312015

CVE-2015-7764

HIGH
CVSS:7.5(High)

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

CWE-3312015

CVE-2015-8851

HIGH
CVSS:7.5(High)

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CWE-3312015

CVE-2018-15812

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CWE-3312018

CVE-2018-18326

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15...

CWE-3312018