The random number generator in the Crypto application prior to 2.0.2.2, and SSH prior to 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote malicious users to guess DSA host and SSH session keys.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ssh ssh |
||
erlang erlang/otp r14b01 |
||
erlang erlang/otp r14b |
||
erlang erlang/otp r11b-5 |
||
erlang erlang/otp r13b03 |
||
erlang erlang/otp r13b |
||
erlang erlang/otp r12b-5 |
||
erlang erlang/otp r13b04 |
||
erlang erlang/otp r13b02-1 |
||
erlang erlang/otp r14a |
||
erlang crypto |
||
erlang erlang/otp r14b02 |