Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
Advisories
Source ID Title
EUVD EUVD EUVD-2018-3090 Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2024-09-16T22:56:33.333Z

Reserved: 2018-05-14T00:00:00

Link: CVE-2018-11045

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-11T20:29:00.273

Modified: 2024-11-21T03:42:33.447

Link: CVE-2018-11045

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.