Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2019-04-09T15:29:02.127885Z

Updated: 2024-09-17T00:02:03.823Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3795

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-09T16:29:01.837

Modified: 2024-11-21T04:42:33.430

Link: CVE-2019-3795

cve-icon Redhat

Severity : Low

Publid Date: 2019-04-02T00:00:00Z

Links: CVE-2019-3795 - Bugzilla