CVE-2001-0950

HIGH

ValiCert EVA <4.2.1 - Info Disclosure

Title source: llm

Description

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7651

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/3620

[Exploit, Mailing List] http://marc.info/?l=bugtraq&m=100749428517090&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7653

[Broken Link] http://www.valicert.com/support/security_advisory_eva.html

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/3618

Scores

CVSS v3 7.5

EPSS 0.0163

EPSS Percentile 82.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-331

Status published

Products (1)

valicert/enterprise_validation_authority 3.3 - 4.2.1

Published Dec 04, 2001

Tracked Since Feb 18, 2026