Vulnerability in Cherokee-project Cherokee
CVE-2011-2190
The generate_admin_password function in Cherokee before 1.2.99 seeds its random number generator with the current time and process ID (PID). Because both values are easily guessed by a local user, the seed space is small, which makes it easier for local users to determine admin passwords via a brute-force attack.
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.001 (24.9th percentile)
Affected products
- Cherokee-project Cherokee — versions 0.3.0, 0.4.0, 0.4.1
Weakness classification (CWE)
References
- 49772 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- FEDORA-2011-12698 (x_refsource_FEDORA, vendor-advisory)
- [oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf (mailing-list, x_refsource_MLIST, Patch)
- [oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf (mailing-list, x_refsource_MLIST, Patch)