5
CVSSv2

CVE-2018-1000620

Published: 09/07/2018 Updated: 10/09/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Vulnerability Trend

Affected Products

Vendor Product Versions
Cryptiles ProjectCryptiles4.1.1

Vendor Advisories

Eran Hammer cryptiles version 411 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random This attack appear to be exploitable via Depends upon the calling application This vulnerability appears to h ...