cvedb.io
CVE-2018-1000620
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-09T20:29:00.737 · Last modified 2026-06-17T01:32:57.330

Summary

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Affected products

cryptiles_project — cryptiles

Does this affect you?

Add your gear to cvedb and we'll alert you only when cryptiles_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.