Ericsson · Erlang/Otp · CVE-2011-0766
**Name of the Vulnerable Software and Affected Versions**
Crypto application versions prior to 2.0.2.2
SSH versions prior to 2.0.5
Erlang/OTP ssh library versions prior to R14B03
**Description**
The random number generator uses predictable seeds based on the current time, making it easier for remote attackers to guess DSA host and SSH session keys.
**Recommendations**
For Crypto application versions prior to 2.0.2.2, update to version 2.0.2.2 or later.
For SSH versions prior to 2.0.5, update to version 2.0.5 or later.
For Erlang/OTP ssh library versions prior to R14B03, update to version R14B03 or later.