mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
CVE-2019-25061
Description
The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.
POC
Reference
- https://stackoverflow.com/questions/42170239/security-of-rand-in-ruby-compared-to-other-methods/42170560
Github
No PoCs found on GitHub currently.