QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-28924

Back to search

CVE-2020-28924

Published: Nov 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.

VendorProductVersions

n/a

n/a

affected
n/a

References

FEDORA-2020-3b0bb05117
vendor-advisory
x_refsource_FEDORA
GLSA-202107-14
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now