Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CVE-2019-25061
Summary
The random_password_generator (aka RandomPasswordGenerator) gem for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
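The pattern described in the summary, next to a corrected version, as an added example that is not the gem's own code. The character set and every function name here are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical alphabet; the gem's real character set is not shown on this page.
CHARSET = [*'a'..'z', *'A'..'Z', *'0'..'9'].freeze

# Weak pattern: each character is chosen with Kernel#rand, which draws from
# Ruby's default Mersenne Twister generator. That generator is not
# cryptographic, and its whole output stream is determined by its seed.
def weak_password(length)
  Array.new(length) { CHARSET[rand(CHARSET.size)] }.join
end

# Corrected pattern: SecureRandom draws from the operating system's CSPRNG,
# so there is no application-level seed to manage or leak.
def strong_password(length)
  Array.new(length) { CHARSET[SecureRandom.random_number(CHARSET.size)] }.join
end

# Shows why the weak pattern fails: with the same seed, Kernel#rand replays
# the same stream, so the same "random" passwords come out again.
def weak_passwords_for_seed(seed, count, length)
  previous = srand(seed)            # srand returns the seed it replaced
  passwords = Array.new(count) { weak_password(length) }
  srand(previous)                   # restore the earlier generator state
  passwords
end

if __FILE__ == $PROGRAM_NAME
  first  = weak_passwords_for_seed(1234, 3, 16)   # constructed sample seed
  second = weak_passwords_for_seed(1234, 3, 16)
  puts "weak, run 1:   #{first.inspect}"
  puts "weak, run 2:   #{second.inspect}"
  puts "identical:     #{first == second}"
  puts "strong sample: #{strong_password(16)}"
end
```

For a plain alphanumeric password, `SecureRandom.alphanumeric(length)` from the standard library does the same job as `strong_password` without a hand-written character set.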