Insufficient Entropy

CVE-2019-9555

Medium

5.3/10

Summary

Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-331 - Insufficient Entropy

The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References

Advisory Timeline

Published Mar 05, 2019

Insufficient Entropy

CVE-2019-9555

Summary

CWE-331 - Insufficient Entropy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS