← Zuruck zu CVEs
CVE-2001-0950
HIGH7.5
Beschreibung
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/4/2001
Zuletzt geandert4/16/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
valicert:enterprise_validation_authority
Schwachen (CWE)
CWE-331
Referenzen
http://marc.info/?l=bugtraq&m=100749428517090&w=2(cve@mitre.org)
http://www.securityfocus.com/bid/3618(cve@mitre.org)
http://www.securityfocus.com/bid/3620(cve@mitre.org)
http://www.valicert.com/support/security_advisory_eva.html(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653(cve@mitre.org)
http://marc.info/?l=bugtraq&m=100749428517090&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3618(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3620(af854a3a-2127-422b-91ae-364da2661108)
http://www.valicert.com/support/security_advisory_eva.html(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.