Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
CVSS Information
N/A
Vulnerability Type
PRNG种子错误
Vulnerability Title
Elastic Cloud on Kubernetes 安全漏洞
Vulnerability Description
Elasticsearch Elastic Cloud on Kubernetes是荷兰Elasticsearch公司的基于操作员模式自动部署、配置、管理和编排Elasticsearch、Kibana、APM 服务器、企业搜索和 Beats on Kubernetes。 Elasticsearch Elastic Cloud on Kubernetes 1.1.0之前版本存在安全漏洞,该漏洞源于程序使用弱随机数生成器生成密码。攻击者可利用该漏洞暴力破解ECK生成的Elasticsearch凭证。
CVSS Information
N/A
Vulnerability Type
N/A