Static Linux Random Number Generator (LRNG) Seed File Vulnerability in Pivotal Operations Manager

Static Linux Random Number Generator (LRNG) Seed File Vulnerability in Pivotal Operations Manager

CVE-2018-11045 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.