Published: 04/12/2001 Updated: 19/12/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Enterprise Validation Authority

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 up to and including 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote malicious users to steal tokens or certificates via brute force guessing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
valicert enterprise validation authority 3.8
valicert enterprise validation authority 3.9
valicert enterprise validation authority 3.3
valicert enterprise validation authority 4.0
valicert enterprise validation authority 4.1
valicert enterprise validation authority 3.6
valicert enterprise validation authority 3.7
valicert enterprise validation authority 3.4
valicert enterprise validation authority 3.5
valicert enterprise validation authority 4.2
valicert enterprise validation authority 4.2.1

NVD-CWE-Other http://www.securityfocus.com/bid/3618 http://www.securityfocus.com/bid/3620 http://www.valicert.com/support/security_advisory_eva.html http://marc.info/?l=bugtraq&m=100749428517090&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/7653 https://exchange.xforce.ibmcloud.com/vulnerabilities/7651 https://www.securityfocus.com/bid/3620 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2001-0950

Vulnerability Summary

Most Upvoted Vulmon Research Post

References

Vulmon Search

About

Products

Connect