Victor9

**Name of the Vulnerable Software and Affected Versions** Rclone versions prior to 1.53.3 **Description** An issue was discovered due to the use of a weak random number generator, resulting in the password generator producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started, limiting the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data, making it possible to create a dictionary of all possible passwords with about 38 million entries per password length, which would make decryption of secret material possible with a plausible amount of effort. **Recommendations** For versions prior to 1.53.3, all passwords generated by affected versions should be changed.