tgt v1.0.93 Flaw: Non-Random Sequence of Challenges
CVE-2024-45751

Currently unrated

Key Information:

Vendor: tgt (aka Linux target framework)
Vendor: CVE Published:; 6 September 2024

🔔 Create tgt (aka Linux target framework) Vulnerability Alert

What is CVE-2024-45751?

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

References

https://github.com/fujita/tgt/pull/67

https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93

https://www.openwall.com/lists/oss-security/2024/09/07/2

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Sep 6, 2024