Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
High severity
GitHub Reviewed
Published Nov 29, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023
Package
Affected versions: < 1.1.0
Patched versions: 1.1.0
Reviewed Jun 16, 2020
Description
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation when creating the service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
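The weakness class described above, as an added Python example that is not the broker's own code: a client secret drawn from a general-purpose PRNG carries only as much entropy as its seed, while one drawn from the OS CSPRNG carries the full entropy of its length. The function names, the 62-character alphabet, the 32-character length and the millisecond-timestamp seed are assumptions made for illustration; the advisory does not say which generator or seed the broker used.

```python
import math
import random
import secrets
import string

# Assumed secret alphabet (not taken from the advisory).
ALPHABET = string.ascii_letters + string.digits


def weak_client_secret(seed, length=32):
    """'Before' form: general-purpose PRNG (Mersenne Twister), explicit seed.

    The output is a pure function of the seed, so the secret is only as
    unpredictable as the seed is.
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_client_secret(length=32):
    """Hardened form: every character comes from the operating system CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def alphabet_entropy_bits(length):
    """Entropy of a secret whose characters are uniform and independent."""
    return length * math.log2(len(ALPHABET))


def seed_entropy_bits(window_seconds, ticks_per_second=1000):
    """Upper bound on entropy when the seed is a timestamp inside a known window."""
    return math.log2(window_seconds * ticks_per_second)


if __name__ == "__main__":
    seed = 1_543_449_600_000  # constructed sample seed (a millisecond timestamp)
    # Same seed, same secret: the weak form adds no entropy beyond the seed.
    print(weak_client_secret(seed) == weak_client_secret(seed))
    print("32-char CSPRNG secret: %.1f bits" % alphabet_entropy_bits(32))
    print("timestamp seed, 1-day window: %.1f bits" % seed_entropy_bits(86_400))
    print(strong_client_secret())
```

When reviewing secret-generation code, the check is which generator the value comes from, not how long or complex the resulting string looks.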