CVE-2011-0766

CVSS 7.8 - HIGH
Description

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Affected Products
12
Vendor Product Version
erlang crypto All versions
erlang erlang\/otp r11b-5
erlang erlang\/otp r12b-5
erlang erlang\/otp r13b
erlang erlang\/otp r13b02-1
erlang erlang\/otp r13b03
erlang erlang\/otp r13b04
erlang erlang\/otp r14a
erlang erlang\/otp r14b
erlang erlang\/otp r14b01
erlang erlang\/otp r14b02
ssh ssh All versions
References
http://secunia.com/advisories/44709
http://www.kb.cert.org/vuls/id/178990
http://www.securityfocus.com/bid/47980
https://github.com/erlang/otp/commit/f228601de45c5...
http://secunia.com/advisories/44709
http://www.kb.cert.org/vuls/id/178990
http://www.securityfocus.com/bid/47980
https://github.com/erlang/otp/commit/f228601de45c5...
Weakness Types
CWE-310
CVE Information
CVE ID:
CVE-2011-0766
Published:
2011-05-31
Modified:
2026-04-29
CVSS Score:
7.8
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N
Affected Vendors
ssh erlang
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL