Weak Entropy in libICE Key Generation: A Potential Session Hijacking Vulnerability

Weak Entropy in libICE Key Generation: A Potential Session Hijacking Vulnerability

CVE-2017-2626 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Learn more about our Web Application Penetration Testing UK.