CVE-2020-7010

Published: Jun 3, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.

Affected (1)

Products: Elastic: Elastic Cloud On Kubernetes

1 product

Elastic Cloud On Kubernetes

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elastic Elastic Cloud On Kubernetes	Before 1.1.0

Related CWEs

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

References (2)

https://www.elastic.co/community/security/

Source: security@elastic.co

Vendor Advisory

https://www.elastic.co/community/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.