Weak Random Number Generator in ECK Versions Prior to 1.1.0 Allows Brute Forcing of Elasticsearch Credentials
CVE-2020-7010 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
Learn more about our Cis Benchmark Audit For Kubernetes.