← Back to CVEs
CVE-2001-0950
HIGH7.5
Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/4/2001
Last Modified4/16/2026
Sourcenvd
Honeypot Sightings0
Affected Products
valicert:enterprise_validation_authority
Weaknesses (CWE)
CWE-331
References
http://marc.info/?l=bugtraq&m=100749428517090&w=2(cve@mitre.org)
http://www.securityfocus.com/bid/3618(cve@mitre.org)
http://www.securityfocus.com/bid/3620(cve@mitre.org)
http://www.valicert.com/support/security_advisory_eva.html(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653(cve@mitre.org)
http://marc.info/?l=bugtraq&m=100749428517090&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3618(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3620(af854a3a-2127-422b-91ae-364da2661108)
http://www.valicert.com/support/security_advisory_eva.html(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.