CVE-2024-45751

MEDIUM

tgt < 1.0.93 - Use of Cryptographically Weak PRNG via Unseeded rand

Title source: llm

Description

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

References (5)

Core 5

Core References

Various Sources

https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93

Mailing List

https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html

Mailing List

https://www.openwall.com/lists/oss-security/2024/09/07/2

Issue Tracking

https://github.com/fujita/tgt/pull/67

Mailing List

http://www.openwall.com/lists/oss-security/2024/09/07/2

Scores

CVSS v3 5.9

EPSS 0.0055

EPSS Percentile 41.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-338

Status published

Published Sep 06, 2024

Tracked Since Feb 18, 2026