CVE-2011-2190

Name of the Vulnerable Software and Affected Versions Cherokee versions prior to 1.2.99

Description The issue concerns the generate admin password function, which uses time and PID values for seeding a random number generator. This makes it easier for local users to determine admin passwords via a brute-force attack.

Recommendations For versions prior to 1.2.99, update to version 1.2.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the generate admin password function until a patch is available.