← Volver a CVEs
CVE-2001-0950
HIGH7.5
Descripcion
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/4/2001
Ultima modificacion4/16/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
valicert:enterprise_validation_authority
Debilidades (CWE)
CWE-331
Referencias
http://marc.info/?l=bugtraq&m=100749428517090&w=2(cve@mitre.org)
http://www.securityfocus.com/bid/3618(cve@mitre.org)
http://www.securityfocus.com/bid/3620(cve@mitre.org)
http://www.valicert.com/support/security_advisory_eva.html(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653(cve@mitre.org)
http://marc.info/?l=bugtraq&m=100749428517090&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3618(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3620(af854a3a-2127-422b-91ae-364da2661108)
http://www.valicert.com/support/security_advisory_eva.html(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.