Published: 19/12/2014 Updated: 10/09/2015

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Password Generator (aka Pwgen) prior to 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent malicious users to guess the numbers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pwgen project pwgen

Debian Bug report logs - #767008 CVE-2013-4442: uses bad randomness if opening /dev/urandom fails Package: pwgen; Maintainer for pwgen is Theodore Y Ts'o <tytso@mitedu>; Source for pwgen is src:pwgen (PTS, buildd, popcon) Reported by: Adam Borowski <kilobyte@angbandpl> Date: Mon, 27 Oct 2014 15:42:02 UTC Severity ...

Debian Bug report logs - #725507 CVE-2013-4440: trivially weak passwords if no tty Package: pwgen; Maintainer for pwgen is Theodore Y Ts'o <tytso@mitedu>; Source for pwgen is src:pwgen (PTS, buildd, popcon) Reported by: Thomas Koch <thomas@kochro> Date: Sun, 6 Oct 2013 17:51:11 UTC Severity: grave Tags: patch F ...

Debian Bug report logs - #726578 pwgen: Multiple vulnerabilities in passwords generation Package: pwgen; Maintainer for pwgen is Theodore Y Ts'o <tytso@mitedu>; Source for pwgen is src:pwgen (PTS, buildd, popcon) Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Wed, 16 Oct 2013 20:06:02 UTC Severity: impor ...

CWE-310 http://www.openwall.com/lists/oss-security/2013/10/16/15 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146015.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672241 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146237.html http://www.openwall.com/lists/oss-security/2013/06/06/1 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146285.html http://sourceforge.net/p/pwgen/code/ci/00118ccac4656adb028504639b313d7b09e62b79/http://www.mandriva.com/security/advisories?name=MDVSA-2015:008 http://advisories.mageia.org/MGASA-2014-0535.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767008

CVE-2013-4442

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect