漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ValiCert Enterprise Validation Authority for Solaris弱随机设备漏洞
Vulnerability Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3到4.2.1版本使用不足的随机数据(1)在使用C rand函数时产生HSMs会话标识符或者(2)在使用/dev/urandom代替联合信息熵低的块的其他源时产生证书或者密钥。本地或者远程攻击者能更容易借助强力猜测偷窃标识符或者证书。
CVSS Information
N/A
Vulnerability Type
N/A