CVE-2020-7010

Name of the Vulnerable Software and Affected Versions Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0

Description The issue concerns a weak random number generator used to generate passwords in Elastic Cloud on Kubernetes (ECK). This weakness can be exploited if an attacker determines when the Elastic Stack cluster was deployed, potentially allowing them to brute force the Elasticsearch credentials more easily.

Recommendations For Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider regenerating passwords using a secure random number generator until a patch is applied. Restrict access to the Elasticsearch credentials to minimize the risk of exploitation.