Weak Random Number Generator in Bosh Windows Stemcell Builder by Cloud Foundry
CVE-2026-47831
7.7HIGH
What is CVE-2026-47831?
The Bosh Windows Stemcell Builder's implementation of the GenerateRandomPassword function uses a cryptographically weak random number generator, potentially enabling remote attackers to conduct brute-force attacks on SSH logins through TCP/22. This vulnerability affects all versions prior to v2019.98, underscoring the importance of secure password generation methods to protect sensitive system access.
Affected Version(s)
bosh-windows-stemcell-builder 0 < 2019.98
References
CVSS V4
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
CVSS V3.0
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
