Your submission was sent successfully! Close

CVE-2013-4442

Published: 19 December 2014

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

Priority

Low

Status

Package Release Status
pwgen
Launchpad, Ubuntu, Debian
Upstream
Released (2.07-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(3.3.8-3ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(3.3.8-3ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.3.8-3ubuntu2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.3.8-3ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Other: https://launchpadlibrarian.net/140874774/randnum_c_v2.patch
Other: https://github.com/therealmik/pwgen/compare/securityfixes