cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-05T13:39:50
Updated: 2024-08-04T10:03:46.363Z
Reserved: 2020-02-05T00:00:00
Link: CVE-2020-8631
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-05T14:15:11.607
Modified: 2024-11-21T05:39:09.270
Link: CVE-2020-8631
Redhat