CVE-2001-0950
CVSS 7.5 · HIGH
Summary
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
CVSS 3.1 breakdown
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
ValiCert Enterprise Validation Authority
References
- http://marc.info/?l=bugtraq&m=100749428517090&w=2
- http://www.securityfocus.com/bid/3618
- http://www.securityfocus.com/bid/3620
- http://www.valicert.com/support/security_advisory_eva.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7653
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.