[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

A Pseudo-Random Number Generator (PRNG) uses seeds incorrectly.

A PRNG uses the same seed each time the product is initialized. If an attacker can guess (or knows) the seed, then he/she may be able to determine the "random" number produced from the PRNG.

A PRNG is initialized from a predictable seed, e.g. using process ID or system time.

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

A PRNG uses a relatively small space of seeds.

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.


Pages:      Start    17    18    19    20    21    22    23    24    25    26    27    28    29    30    ..   90

© SecPod Technologies