Description
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
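The weakness described above, as an added C example (not Cherokee's code): it bounds how much entropy a seed built from a clock reading and a PID can carry, next to a generator that draws directly from the kernel CSPRNG. The function names, the alphabet, the one-hour window and the 32768 PID limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Password alphabet (assumption, not taken from Cherokee). */
static const char ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/* Bits needed to enumerate every (start time, PID) seed pair: an upper
 * bound on the entropy of any password derived from such a seed. */
unsigned seed_space_bits(unsigned long long times, unsigned long long pids)
{
    unsigned long long n = times * pids;
    unsigned bits = 0;
    while (bits < 64 && (1ULL << bits) < n)
        bits++;
    return bits;
}

/* Fill out[0..len-1] from the kernel CSPRNG and NUL-terminate it; out must
 * hold len + 1 bytes. Returns 0 on success, -1 on failure. */
int generate_password(char *out, size_t len)
{
    const size_t n = sizeof(ALPHABET) - 1;            /* 62 symbols */
    const unsigned limit = 256 - (256 % (unsigned)n); /* 248: reject above it, no modulo bias */
    unsigned char buf[64];
    size_t i = 0;
    FILE *rng = fopen("/dev/urandom", "rb");
    if (rng == NULL)
        return -1;
    while (i < len) {
        size_t got = fread(buf, 1, sizeof buf, rng);
        if (got == 0) { /* fail closed, never fall back to rand() */
            fclose(rng);
            return -1;
        }
        for (size_t j = 0; j < got && i < len; j++)
            if (buf[j] < limit)
                out[i++] = ALPHABET[buf[j] % n];
    }
    fclose(rng);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char pw[17];
    /* Assumed: start time known to within one hour, PIDs below 32768. */
    printf("seed space: at most %u bits\n", seed_space_bits(3600, 32768));
    if (generate_password(pw, sizeof pw - 1) != 0)
        return 1;
    printf("CSPRNG password (about 95 bits): %s\n", pw);
    return 0;
}
```

However long the output password is, its strength cannot exceed the seed space of the generator that produced it, which is why the fix is to change the entropy source rather than the password length.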
Remediation
References
Related Vulnerabilities
ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.226)
WordPress Plugin JS Job Manager Security Bypass (1.1.8)
OpenSSL Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-2650)