First published: Mon Apr 25 2016
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =24 | |
Pulp Project | <=2.8.4 | |
CVE-2016-3704 has been classified with a moderate severity level due to its potential impact on password generation.
To fix CVE-2016-3704, upgrade Pulp to version 2.8.5 or later.
CVE-2016-3704 affects Pulp versions up to 2.8.4 and Fedora 24.
CVE-2016-3704 involves the unsafe use of bash's $RANDOM for generating passwords, which can lead to predictable password generation.
Randy Barlow of Red Hat reported the vulnerability CVE-2016-3704.
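An added example, not Pulp's code and not part of the original advisory: a POSIX shell audit helper that flags reads of bash's `$RANDOM` in a script, next to a generator that draws from `/dev/urandom` instead. The function names and the sample script are constructed for illustration; the page does not show how Pulp used `$RANDOM`.

```shell
#!/bin/sh
# Added illustration; not code from Pulp or the advisory.
# Background: bash's $RANDOM returns a 15-bit integer (0..32767) from a
# seedable PRNG, so a secret built from it has a small, guessable space.

# Constructed sample script showing the weak pattern (never executed here).
weak_sample() {
cat <<'EOF'
#!/bin/bash
# $RANDOM mentioned in a comment is ignored by the audit
PASSWORD="pw$RANDOM"
SALT=${RANDOM}
RANDOMIZE=1; echo "$RANDOMIZE"
EOF
}

# Read a script on stdin; print "lineno:text" for each non-comment line
# that reads $RANDOM or ${RANDOM...}. Names like $RANDOMIZE do not match.
find_bash_random() {
    grep -nE '\$(RANDOM([^A-Za-z0-9_]|$)|[{]RANDOM[^A-Za-z0-9_])' |
        grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# Hardened replacement: hex-encode NBYTES (default 16 = 128 bits) taken
# from the kernel CSPRNG. Output length is always 2 * NBYTES characters.
gen_password() {
    nbytes=${1:-16}
    od -An -N "$nbytes" -tx1 /dev/urandom | tr -d ' \n'
}

echo "Lines reading \$RANDOM in the constructed sample:"
weak_sample | find_bash_random
echo "CSPRNG-backed secret: $(gen_password 16)"
```

The audit is a text match, so it serves as a first-pass review aid for provisioning and setup scripts; each hit still needs a look to see whether the value ends up in a secret.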