cloud-init up to and including 19.4 relies on Mersenne Twister for a random password, which makes it easier for malicious users to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical cloud-init |
||
opensuse leap 15.1 |
||
debian debian linux 8.0 |