ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=100749428517090&w=2 | Exploit Mailing List |
http://www.securityfocus.com/bid/3618 | Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory |
http://www.securityfocus.com/bid/3620 | Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory |
http://www.valicert.com/support/security_advisory_eva.html | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-02-02T05:00:00
Updated: 2017-12-18T21:57:01
Reserved: 2002-01-31T00:00:00
Link: CVE-2001-0950
NVD Information
Status: Analyzed
Published: 2001-12-04T05:00:00.000
Modified: 2024-02-15T03:29:50.493
Link: CVE-2001-0950
Redhat Information
No data.
CWE