CVE-2012-2387

devotee <0.1 - Info Disclosure

Title source: llm

Description

devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack.

References (3)

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/18/15

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/21/2

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/22/11

Scores

EPSS 0.0028

EPSS Percentile 51.3%

Classification

CWE

CWE-200

Status draft

Affected Products (1)

debian/devotee

Timeline

Published Aug 20, 2012

Tracked Since Feb 18, 2026