Canonical · Cloud-Init · CVE-2020-8631
**Name of the Vulnerable Software and Affected Versions**
cloud-init versions prior to 19.4
**Description**
The issue is related to the use of Mersenne Twister for generating random passwords, which can make it easier for attackers to predict passwords. This is because the `rand str` function in `cloudinit/util.py` calls the `random.choice` function.
**Recommendations**
For cloud-init versions prior to 19.4, consider updating to a version that uses a more secure random number generator to mitigate the risk of password prediction. As a temporary workaround, consider generating passwords manually using a secure method until a patched version is available.