CVE-2023-36610

MEDIUM Year: 2023
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-331
View all →

Vulnerability Description

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

Related Vulnerabilities

CVE-2016-2564

MEDIUM
CVSS:5.9(Medium)

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board ...

CWE-3312016

CVE-2022-34746

MEDIUM
CVSS:5.9(Medium)

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. T...

CWE-3312022

CVE-2023-26154

MEDIUM
CVSS:5.9(Medium)

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of ...

CWE-3312023

CVE-2024-26329

MEDIUM
CVSS:6.2(Medium)

Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function.

CWE-3312024

CVE-2017-2625

MEDIUM
CVSS:5.5(Medium)

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from...

CWE-3312017

CVE-2017-2626

MEDIUM
CVSS:5.5(Medium)

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the proce...

CWE-3312017