PT-2022-8283 · Ruby · Random Password Generator

Jodawill · Published 2022-05-18 · Updated 2022-05-26 · CVE-2019-25061

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: random password generator gem, versions through 1.0.0

Description: The issue concerns the use of Kernel#rand to generate passwords. Kernel#rand draws from a deterministic, seedable pseudorandom generator whose output is cyclic, which can facilitate password prediction. This affects the random password generator gem for Ruby.

Recommendations: For versions through 1.0.0, consider using an alternative method for password generation that does not rely on Kernel#rand, to minimize the risk of password prediction. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
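The following added example is not code from the gem or from this advisory; it shows the shape of the flaw (a password built from Kernel#rand) next to a hardened form built on SecureRandom, plus a small check a reviewer can run to tell the two apart. The ALPHABET constant, the function names and the seed value are assumptions made for the illustration.

```ruby
require 'securerandom'

# Constructed character set for the example: 62 symbols.
ALPHABET = [*'a'..'z', *'A'..'Z', *'0'..'9'].freeze

# Weak pattern matching the advisory: Kernel#rand takes its values from Ruby's
# global, seedable pseudorandom generator. Its state is deterministic, so the
# same seed yields the same sequence and past outputs expose future ones.
def weak_password(length)
  Array.new(length) { ALPHABET[rand(ALPHABET.size)] }.join
end

# Hardened form: SecureRandom reads the operating system's cryptographic
# generator, which srand does not influence and which is not reproducible
# from previously observed values.
def secure_password(length)
  Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
end

# Reviewer's check: reseed the global generator twice with the same value and
# compare the passwords produced by the generator under test. Identical output
# means the generator is reproducible and unsuitable for secrets.
def reproducible?(length, seed = 1234, &generator)
  srand(seed)
  first = generator.call(length)
  srand(seed)
  second = generator.call(length)
  first == second
ensure
  srand # restore a fresh random seed so the rest of the process is unaffected
end

# Sanity check that a generated password has the requested shape.
def well_formed?(password, length)
  password.length == length && password.chars.all? { |c| ALPHABET.include?(c) }
end

if __FILE__ == $PROGRAM_NAME
  puts "Kernel#rand reproducible:  #{reproducible?(16) { |n| weak_password(n) }}"
  puts "SecureRandom reproducible: #{reproducible?(16) { |n| secure_password(n) }}"
end
```

The reproducibility check is the useful takeaway: if a generator can be made to emit the same "random" password twice by reseeding, it is a pseudorandom stream rather than a source of secrets, regardless of how long or varied the output looks.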

Weakness Enumeration: Use of Insufficiently Random Values

Related Identifiers: CVE-2019-25061, GHSA-GGFX-H9XJ-5V9C

Affected Products: Random Password Generator