#VU48568 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in rclone - CVE-2020-28924

 


Published: November 19, 2020 / Updated: November 20, 2020


Vulnerability identifier: #VU48568
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-28924
CWE-ID: CWE-338
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: rclone
Software vendor: rclone.org

Description

The vulnerability allows an attacker to decrypt or brute-force passwords.

The vulnerability exists because Rclone uses a weak random number generator to generate passwords, so the generated passwords have much less entropy than advertised. An attacker who is able to obtain the password-protected file can decrypt the data.
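The general CWE-338 pattern behind this class of bug, as an added Go example (not rclone's code, and not taken from this advisory): a password built from a seeded `math/rand` source can never carry more entropy than its seed, whatever its length, while `crypto/rand` has no such bound. The function names, the seed value 42 and the 31-bit seed space are assumptions chosen for illustration.

```go
package main

import (
	crand "crypto/rand"
	"fmt"
	"math"
	"math/big"
	mrand "math/rand"
)

const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" // 62 symbols

// weakPassword (hypothetical name) shows the CWE-338 pattern: every character
// derives from one seed, so the same seed always yields the same password.
func weakPassword(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	out := make([]byte, n)
	for i := range out {
		out[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(out)
}

// strongPassword draws each character uniformly from the OS CSPRNG.
func strongPassword(n int) (string, error) {
	out := make([]byte, n)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		k, err := crand.Int(crand.Reader, limit)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[k.Int64()]
	}
	return string(out), nil
}

// effectiveBits returns the advertised entropy (n * log2 of the alphabet size)
// and the real upper bound once the seed space (seedBits) is taken into account.
func effectiveBits(n int, seedBits float64) (advertised, effective float64) {
	advertised = float64(n) * math.Log2(float64(len(alphabet)))
	return advertised, math.Min(advertised, seedBits)
}

func main() {
	adv, eff := effectiveBits(22, 31) // 31 seed bits: assumed figure for illustration
	fmt.Printf("advertised %.0f bits, effective <= %.0f bits\n", adv, eff)
	fmt.Println(weakPassword(42, 22) == weakPassword(42, 22)) // seed 42 is a constructed value
}
```

When auditing a password or key generator, the check is the source of randomness, not the output length: anything seeded from a small or guessable value needs replacing with the CSPRNG variant and the affected secrets regenerated.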


Remediation

Install updates from the vendor's website.

External links