Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lightbend Akka 安全漏洞
Vulnerability Description
Lightbend Akka是一款开源的用于构建高并发和分布式的消息驱动应用程序的工具包。 Lightbend Akka 2.5.16之前的2.5.x版本中存在安全漏洞。攻击者可利用该漏洞窃听,重放或修改使用Akka Remoting/Cluster发送的消息。
CVSS Information
N/A
Vulnerability Type
N/A