CVE-2012-2387

devotee 0.1 patch 2 - Exposure of Sensitive Information via Weak Random Number Generation

Title source: llm
STIX 2.1

Description

devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/21/2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/18/15
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/22/11

Scores

EPSS 0.0139
EPSS Percentile 69.1%

Details

CWE
CWE-200
Status published
Products (1)
debian/devotee 0.1
Published Aug 20, 2012
Tracked Since Feb 18, 2026