Predictable Initialization of SecureRandom.random_bytes in Ruby
CVE-2011-2705 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
Learn more about our Web Application Penetration Testing UK.