PT-2006-2387 · Passwordsafe · Passwordsafe
Published: 2006-03-24 · Updated: 2018-10-18 · CVE-2006-1378
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PasswordSafe version 3.0 beta
Description
The issue concerns the use of a weak random number generator, specifically the C++ rand function, during the generation of the database encryption key. This weakness makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.
Recommendations
For PasswordSafe version 3.0 beta, consider using an alternative, more secure random number generator to mitigate the risk of decryption by attackers. As a temporary workaround, restrict access to sensitive data stored in the database until a more secure version is available.
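The weak pattern described above next to a hardened one, as an added example that is not PasswordSafe's own code. The 32-byte key length, the function names and the seed value are assumptions for illustration, and the hardened version assumes a POSIX-like system that exposes /dev/urandom.

```cpp
#include <array>
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <stdexcept>

constexpr std::size_t KEY_LEN = 32;  // assumed key length, not from the advisory
using Key = std::array<std::uint8_t, KEY_LEN>;

// Weak pattern: every key byte comes from rand(), so the whole key is a
// pure function of the value passed to srand().
Key weak_key(unsigned int seed) {
    std::srand(seed);
    Key k{};
    for (auto &b : k) b = static_cast<std::uint8_t>(std::rand() & 0xFF);
    return k;
}

// Upper bound on the entropy of weak_key(), in bits: the width of the seed,
// no matter how long the key is.
constexpr unsigned weak_key_entropy_bits() {
    return sizeof(unsigned int) * CHAR_BIT;
}

// Hardened pattern: take the key bytes from the operating system CSPRNG.
// Assumption: POSIX-like system with /dev/urandom.
Key strong_key() {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    Key k{};
    if (!urandom.read(reinterpret_cast<char *>(k.data()),
                      static_cast<std::streamsize>(k.size())))
        throw std::runtime_error("cannot read /dev/urandom");
    return k;
}

int main() {
    const unsigned int seed = 20060324u;  // constructed sample seed
    std::printf("same seed, same key: %s\n",
                weak_key(seed) == weak_key(seed) ? "yes" : "no");
    std::printf("weak key entropy: at most %u of %zu bits\n",
                weak_key_entropy_bits(), KEY_LEN * 8);
    std::printf("two CSPRNG keys differ: %s\n",
                strong_key() != strong_key() ? "yes" : "no");
    return 0;
}
```
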
Affected Products
Passwordsafe