
Use of Insufficiently Random Values

CVE-2021-28055

Severity Medium
Score 6.5/10

Summary

An issue was discovered in Centreon-Web in Centreon Platform 18.10.6 through 19.10.22, 20.04.0 through 20.04.12, 20.10.0 through 20.10.6, and before 2.8.37. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-330 - Use of Insufficiently Random Values

The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
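The weakness class described above, shown as an added example that is not Centreon's code or part of the original advisory. The advisory does not say how the token was derived, so the timestamp-seeded generator is a constructed stand-in for any predictable source, and all function names are hypothetical.

```python
import hmac
import random
import secrets


def weak_csrf_token(issued_at: int) -> str:
    """Anti-pattern (constructed): token derived from a guessable seed."""
    rng = random.Random(issued_at)  # Mersenne Twister is not a CSPRNG
    return "%032x" % rng.getrandbits(128)


def strong_csrf_token() -> str:
    """Token from the OS CSPRNG: 256 bits, no reproducible seed."""
    return secrets.token_hex(32)


def token_is_reproducible(token: str, approx_time: int, window: int = 5) -> bool:
    """Review check for a generator under audit: does any timestamp near
    the issue time regenerate the token? True means it is predictable."""
    return any(
        hmac.compare_digest(weak_csrf_token(t).encode(), token.encode())
        for t in range(approx_time - window, approx_time + window + 1)
    )


def verify_csrf(session_token: str, submitted: str) -> bool:
    """Compare the session's token with the submitted one in constant time.
    An empty session token never validates."""
    if not session_token:
        return False
    return hmac.compare_digest(session_token.encode(), submitted.encode())


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp, not from the advisory
    weak = weak_csrf_token(issued + 3)
    strong = strong_csrf_token()
    print("weak token reproducible:  ", token_is_reproducible(weak, issued))
    print("strong token reproducible:", token_is_reproducible(strong, issued))
    print("strong token verifies:    ", verify_csrf(strong, strong))
```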

Advisory Timeline

  • Published