Insufficient Entropy
CVE-2018-1000620
Summary
Eran Hammer cryptiles versions up to 3.1.2 and 4.0.0 - 4.1.1 contain a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method, which makes it more likely that an attacker can brute-force a value that was supposed to be random.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-331 - Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
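To make the CWE-331 description concrete, the following added example (not code from cryptiles or from this advisory) counts exactly how often each decimal digit results when a uniform random byte is turned into a digit, first with a plain modulo and then with rejection sampling. The byte-to-digit mappings and all function names are assumptions chosen for illustration; the advisory itself does not describe how randomDigits() derived its digits.

```javascript
'use strict';
const crypto = require('node:crypto');

// Count how many of the 256 possible byte values map to each digit 0..9.
// mapByte returns a digit, or null to mean "reject this byte and redraw".
function digitCounts(mapByte) {
  const counts = new Array(10).fill(0);
  for (let b = 0; b < 256; b++) {
    const d = mapByte(b);
    if (d !== null) counts[d]++;
  }
  return counts;
}

// Shannon entropy per digit, in bits. The maximum for ten symbols is log2(10).
function entropyBits(counts) {
  const total = counts.reduce((a, c) => a + c, 0);
  return -counts.reduce(
    (s, c) => s + (c ? (c / total) * Math.log2(c / total) : 0), 0);
}

// Weak (illustrative): 256 is not a multiple of 10, so digits 0..5 are
// produced by 26 byte values each and digits 6..9 by only 25.
const biasedMap = (b) => b % 10;

// Hardened (illustrative): discard bytes >= 250 so every digit is produced
// by exactly 25 byte values.
const unbiasedMap = (b) => (b < 250 ? b % 10 : null);

// Hypothetical digit generator built on the hardened mapping and a CSPRNG.
function randomDigitsUnbiased(size) {
  let out = '';
  while (out.length < size) {
    // Draw a few spare bytes because some will be rejected.
    for (const b of crypto.randomBytes(size - out.length + 8)) {
      const d = unbiasedMap(b);
      if (d !== null && out.length < size) out += d;
    }
  }
  return out;
}

console.log('modulo   :', digitCounts(biasedMap), entropyBits(digitCounts(biasedMap)));
console.log('rejection:', digitCounts(unbiasedMap), entropyBits(digitCounts(unbiasedMap)));
console.log('sample   :', randomDigitsUnbiased(16));
```

The same counting check works as a regression test for any routine that maps random bytes onto a smaller alphabet: every symbol must be reachable from the same number of input values.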
Advisory Timeline
- Published