tgt v1.0.93 Flaw: Non-Random Sequence of Challenges
CVE-2024-45751

5.9MEDIUM

Key Information:

Vendor: tgt (aka Linux target framework)
Vendor: CVE Published:; 6 September 2024

🔔 Create tgt (aka Linux target framework) Vulnerability Alert

What is CVE-2024-45751?

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

References

https://github.com/fujita/tgt/pull/67

https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93

https://www.openwall.com/lists/oss-security/2024/09/07/2

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Sep 6, 2024

CVE-2024-45751 Data

JSON