{"vulnerability": "cve-2002-2000", "sightings": [{"uuid": "53abf949-76c6-4018-b3fd-7f43a01ae7ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20002", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113756992228999681", "content": "", "creation_timestamp": "2025-01-02T04:59:09.271636Z"}, {"uuid": "7afd4b89-ffca-4fa8-9eb4-0cf6e16d196b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20002", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leqczxfmbi25", "content": "", "creation_timestamp": "2025-01-02T05:15:25.152304Z"}, {"uuid": "feeac3de-e8af-43ac-91d6-2e92068f9b8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3leqeswlbjq2k", "content": "", "creation_timestamp": "2025-01-02T05:47:16.951412Z"}, {"uuid": "909986c7-9e49-4dcd-8c15-67673aa16764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20002", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/247", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2002-20002\n\ud83d\udd39 Description: The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.\n\ud83d\udccf Published: 2025-01-02T00:00:00\n\ud83d\udccf Modified: 2025-01-06T21:08:29.156Z\n\ud83d\udd17 References:\n1. https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes\n2. https://github.com/briandfoy/cpan-security-advisory/issues/184\n3. https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm", "creation_timestamp": "2025-01-06T21:37:29.000000Z"}, {"uuid": "05de037f-5e72-4fe7-b5a3-508f554c7dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20001", "type": "published-proof-of-concept", "source": "Telegram/Fl_ltFZIbiQsMNPTYivk2KXEOFXqbKjLz4yAp3sglbIHJYU", "content": "", "creation_timestamp": "2025-07-28T15:00:06.000000Z"}, {"uuid": "2b67bfcd-e60a-4e7f-9ce1-c6978f133e44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20002", "type": "seen", "source": "https://t.me/cvedetector/14093", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2002-20002 - EasyTCP Weak Random Number Generation in Crypto Key Generation\", \n  \"Content\": \"CVE ID : CVE-2002-20002 \nPublished : Jan. 2, 2025, 5:15 a.m. | 19\u00a0minutes ago \nDescription : The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T06:43:07.000000Z"}, {"uuid": "b11b1c1a-1ce2-4188-a3fb-3e3bf6a7b8e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20001", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5006", "content": "#tools\nD(HE)ater is a PoC implementation of the D(HE)at attack (CVE-2002-20001) through which DoS can be performed by enforcing the DHE key exchange\nhttps://github.com/Balasys/dheater", "creation_timestamp": "2021-12-19T13:30:32.000000Z"}, {"uuid": "26be3ac8-fd36-451d-a460-7021ed211f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2002-20001", "type": "seen", "source": "https://t.me/cibsecurity/32258", "content": "\u203c CVE-2002-20001 \u203c\n\nThe Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-11T22:37:55.000000Z"}]}