Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ValiCert Enterprise Validation Authority for Solaris弱随机设备漏洞
Vulnerability Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3到4.2.1版本使用不足的随机数据(1)在使用C rand函数时产生HSMs会话标识符或者(2)在使用/dev/urandom代替联合信息熵低的块的其他源时产生证书或者密钥。本地或者远程攻击者能更容易借助强力猜测偷窃标识符或者证书。
CVSS Information
N/A
Vulnerability Type
N/A