Landscape insecure token generation
CVE-2023-32549

7.5HIGH

Key Information:

Vendor: Canonical Ltd.
Status: Landscape
Vendor: CVE Published:; 6 June 2023

Summary

The Landscape product by Canonical is vulnerable due to the insecure generation of cryptographic keys, which arise from the use of a weak pseudo-random number generator. This flaw can potentially compromise the integrity and security of the generated keys, making systems susceptible to unauthorized access. Users of affected versions should review security practices and consider immediate remediation to protect their infrastructure.

Affected Version(s)

Landscape Linux 0 < 19.10.05

References

https://bugs.launchpad.net/landscape/+bug/1929034

issue-tracking

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
May 9, 2023

Credit

Anton Ivanov