Weak Random Number Generation in EMC Documentum Web Development Kit (WDK) Allows for Phishing Attacks

Weak Random Number Generation in EMC Documentum Web Development Kit (WDK) Allows for Phishing Attacks

CVE-2014-4639 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.

Learn more about our Web App Pen Testing.