Vulnerability CVE-2020-28924: Information

Description

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the second in which rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
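The root cause described above is a general pattern, not something specific to rclone: a non-cryptographic PRNG seeded from a timestamp yields the same "random" password for the same start second, so the effective keyspace is the number of plausible seeds rather than the size of the character set raised to the password length. The following Go program is an added illustration (it is not rclone's code and does not reproduce its actual generator): it places a simplified time-seeded generator next to a crypto/rand-based one, and computes the nominal versus effective entropy for the 38-million-seed figure quoted in the description. The 62-character alphabet and the fixed timestamp are constructed values chosen for the example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	mrand "math/rand"
	"strings"
)

// alphabet is an assumed character set for the example (62 symbols).
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakPassword illustrates the flawed pattern: math/rand seeded with a
// timestamp. Two runs started in the same second produce the same output,
// so the number of distinct passwords equals the number of distinct seeds.
// (Simplified illustration only; not the affected project's implementation.)
func weakPassword(seedSeconds int64, length int) string {
	r := mrand.New(mrand.NewSource(seedSeconds))
	b := make([]byte, length)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// strongPassword is the hardened form: each character index is drawn from
// crypto/rand via rand.Int, which is uniform over [0, len(alphabet)) and
// therefore introduces no modulo bias.
func strongPassword(length int) (string, error) {
	max := big.NewInt(int64(len(alphabet)))
	b := make([]byte, length)
	for i := range b {
		n, err := rand.Int(rand.Reader, max)
		if err != nil {
			return "", err
		}
		b[i] = alphabet[n.Int64()]
	}
	return string(b), nil
}

// allFromAlphabet reports whether every byte of s belongs to alphabet.
func allFromAlphabet(s string) bool {
	for i := 0; i < len(s); i++ {
		if strings.IndexByte(alphabet, s[i]) < 0 {
			return false
		}
	}
	return true
}

// nominalEntropyBits is what a password of the given length over the
// alphabet would carry if every character were chosen independently and
// uniformly: length * log2(|alphabet|).
func nominalEntropyBits(length int) float64 {
	return float64(length) * math.Log2(float64(len(alphabet)))
}

// effectiveEntropyBits is the real upper bound when the password is a pure
// function of the seed: log2(number of possible seeds), independent of length.
func effectiveEntropyBits(seedSpace float64) float64 {
	return math.Log2(seedSpace)
}

func main() {
	// Constructed seed standing in for "the second the program was started".
	const startSecond int64 = 1605744000
	fmt.Println("time-seeded, run 1:", weakPassword(startSecond, 16))
	fmt.Println("time-seeded, run 2:", weakPassword(startSecond, 16)) // identical
	p, err := strongPassword(16)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand:       ", p)
	fmt.Printf("nominal entropy, 16 chars:      %.1f bits\n", nominalEntropyBits(16))
	fmt.Printf("effective entropy, 38e6 seeds:  %.1f bits\n", effectiveEntropyBits(38e6))
}
```

The comparison makes the advisory's point concrete: a 16-character password over this alphabet nominally carries about 95 bits, but if it is determined by one of roughly 38 million seeds it carries only about 25 bits regardless of length, which is why the description says passwords generated by affected versions must be replaced rather than merely lengthened.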

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Published: 19 November 2020
Modified: 7 November 2023
Weakness type identifiers: CWE-331, CWE-338

Fixed packages

Package   Branch     Fixed in version   Version in repository   Errata ID            Task no.   Status
rclone    sisyphus   1.53.4-alt1        1.65.2-alt1.1           ALT-PU-2021-1108-1   264983     Fixed
rclone    p10        1.53.4-alt1        1.65.2-alt1             ALT-PU-2021-1108-1   264983     Fixed
rclone    p9         1.53.4-alt1        1.53.4-alt1             ALT-PU-2021-1154-1   264985     Fixed
rclone    c10f1      1.53.4-alt1        1.61.1-alt1             ALT-PU-2021-1108-1   264983     Fixed
rclone    c9f2       1.53.4-alt1        1.61.1-alt1             ALT-PU-2022-1255-1   293762     Fixed

Links to advisories, solutions and tools

Link
Resource
https://github.com/rclone/rclone/issues/4783
  • Exploit
  • Patch
  • Third Party Advisory
https://rclone.org/downloads/
  • Vendor Advisory
GLSA-202107-14
  • Third Party Advisory
FEDORA-2020-3b0bb05117

Affected configurations

Configuration 1

cpe:2.3:a:rclone:rclone:*:*:*:*:*:*:*:*
Up to (excluding): 1.53.3

Configuration 2

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*