PT-2011-2617 · Ericsson · Erlang/Otp
Geoff Cant · Published 2011-05-31 · Updated 2023-09-25 · CVE-2011-0766
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Crypto application versions prior to 2.0.2.2
SSH versions prior to 2.0.5
Erlang/OTP ssh library versions prior to R14B03
Description
The random number generator uses predictable seeds based on the current time, making it easier for remote attackers to guess DSA host and SSH session keys.
Recommendations
For Crypto application versions prior to 2.0.2.2, update to version 2.0.2.2 or later.
For SSH versions prior to 2.0.5, update to version 2.0.5 or later.
For Erlang/OTP ssh library versions prior to R14B03, update to version R14B03 or later.
Affected Products
Erlang/Otp