Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2011-0766

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

  • Published: May 31, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-0766
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.8
  • AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

Software From Fixed in
ssh / ssh - 2.0.4.x
erlang / erlang/otp r14b01 r14b01.x
erlang / erlang/otp r14b r14b.x
erlang / erlang/otp r11b-5 r11b-5.x
erlang / erlang/otp r13b03 r13b03.x
erlang / erlang/otp r13b r13b.x
erlang / erlang/otp r12b-5 r12b-5.x
erlang / erlang/otp r13b04 r13b04.x
erlang / erlang/otp r13b02-1 r13b02-1.x
erlang / erlang/otp r14a r14a.x
erlang / crypto - 2.0.2.1.x
erlang / erlang/otp r14b02 r14b02.x