Computer Security
[EN] securityvulns.ru no-pyccku


Paramiko SSH server weak encryption
Published:04.03.2008
Source:
SecurityVulns ID:8747
Type:remote
Threat Level:
5/10
Description:Weak PRNG generator is used for encryption.
Affected:PARAMIKO : paramiko 1.7
CVE:CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.)
Original documentdocumentGENTOO, [ GLSA 200803-07 ] Paramiko: Information disclosure (04.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod