CVE-2001-0950 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2001-0950?

CVE-2001-0950 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2001-0950?

Check the references section above for vendor advisories and patch information. Affected products include: Valicert Enterprise Validation Authority.

Vulnerability Description

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Valicert	Enterprise Validation Authority	>= 3.3, <= 4.2.1

Related Weaknesses (CWE)

CWE-331

References

http://marc.info/?l=bugtraq&m=100749428517090&w=2ExploitMailing List
http://www.securityfocus.com/bid/3618Broken LinkPatchThird Party Advisory
http://www.securityfocus.com/bid/3620Broken LinkPatchThird Party Advisory
http://www.valicert.com/support/security_advisory_eva.htmlBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653Third Party AdvisoryVDB Entry
http://marc.info/?l=bugtraq&m=100749428517090&w=2ExploitMailing List
http://www.securityfocus.com/bid/3618Broken LinkPatchThird Party Advisory
http://www.securityfocus.com/bid/3620Broken LinkPatchThird Party Advisory
http://www.valicert.com/support/security_advisory_eva.htmlBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653Third Party AdvisoryVDB Entry

FAQ

What is CVE-2001-0950?

CVE-2001-0950 is a vulnerability with a CVSS score of 7.5 (HIGH). ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generat...

How severe is CVE-2001-0950?

CVE-2001-0950 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-0950?

Check the references section above for vendor advisories and patch information. Affected products include: Valicert Enterprise Validation Authority.