Vulnerability in Elastic Cloud On Kubernetes

CVE-2020-7010

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brut…

EPSS: 0.004 (58.0th percentile) — read the EPSS interpretation.

Affected products

Elastic Cloud On Kubernetes — versions before 1.1.0

Weakness classification (CWE)

CWE-335 — Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

References

www.elastic.co/community/security/ (x_refsource_MISC)