Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVE-2019-25061

Severity High
Score 7.5/10

Summary

The random_password_generator (aka RandomPasswordGenerator) gem for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
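
The weakness described in the summary, shown as an added example that is not code from the gem or from this advisory: a password built from a seedable, non-cryptographic generator is fully determined by the seed, while the hardened form draws from SecureRandom. The character set, function names and seed value are assumptions made for the illustration.

```ruby
require "securerandom"

# Constructed alphabet for this example; not the gem's actual character set.
CHARSET = [*"a".."z", *"A".."Z", *"0".."9"].freeze

# Weak pattern: characters are picked with Ruby's default PRNG.
# Random.rand and Kernel#rand share the same non-cryptographic
# Mersenne Twister generator, so output depends only on the seed.
# `rng` is a hypothetical parameter that lets the example inject a seed
# without touching global state.
def weak_password(length, rng = Random)
  Array.new(length) { CHARSET[rng.rand(CHARSET.size)] }.join
end

# Hardened pattern: indices come from a cryptographically secure source.
# SecureRandom.random_number(n) returns an integer in 0...n.
def strong_password(length)
  Array.new(length) { CHARSET[SecureRandom.random_number(CHARSET.size)] }.join
end

# True when two generators started from the same seed emit the same
# password, which is the property that makes such passwords predictable.
def reproducible_from_seed?(seed, length = 16)
  first  = weak_password(length, Random.new(seed))
  second = weak_password(length, Random.new(seed))
  first == second
end

if __FILE__ == $PROGRAM_NAME
  seed = 12_345 # constructed sample seed
  puts "same seed, same password: #{reproducible_from_seed?(seed)}"
  puts "weak (seed #{seed}):  #{weak_password(16, Random.new(seed))}"
  puts "strong (CSPRNG):     #{strong_password(16)}"
end
```

When reviewing Ruby code, treat `rand`, `Random.rand`, `Array#sample` and `Array#shuffle` without a `random: SecureRandom` argument as findings wherever the result is a password, token or key.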

Advisory Timeline

  • Published