tgt v1.0.93 Flaw: Non-Random Sequence of Challenges
CVE-2024-45751

Currently unrated

Key Information:

Vendor
tgt (aka Linux target framework)
Vendor
CVE Published:
6 September 2024

Summary

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.