SB2020120612 - Fedora EPEL 8 update for rclone




Published: December 6, 2020 Updated: April 25, 2025

Security Bulletin ID SB2020120612
Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2020-28924)

The vulnerability allows an attacker to decrypt or brute-force passwords.

The vulnerability exists because Rclone uses a weak random number generator when generating passwords, so the generated passwords have much less entropy than advertised. An attacker who is able to obtain the password-protected file can decrypt the data.
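The gap between advertised and real entropy can be measured directly. The Go program below is an added illustration, not Rclone's code: the function names, the 64-symbol alphabet and the seed sizes are assumptions chosen to show that a seeded PRNG can never produce more distinct passwords than it has seeds, while a CSPRNG has no such ceiling.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	mrand "math/rand"
)

// 64 symbols, so each password symbol advertises 6 bits.
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

// weakPassword (hypothetical) uses math/rand: the seed fully determines the output.
func weakPassword(seed int64, length int) string {
	r := mrand.New(mrand.NewSource(seed))
	out := make([]byte, length)
	for i := range out {
		out[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(out)
}

// strongPassword (hypothetical) draws every symbol from the operating system CSPRNG.
func strongPassword(length int) (string, error) {
	out := make([]byte, length)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		n, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[n.Int64()]
	}
	return string(out), nil
}

// distinctWeak counts the passwords reachable from a seed space of 2^seedBits values.
func distinctWeak(seedBits uint, length int) int {
	seen := make(map[string]struct{})
	for s := int64(0); s < int64(1)<<seedBits; s++ {
		seen[weakPassword(s, length)] = struct{}{}
	}
	return len(seen)
}

func main() {
	const length = 24 // advertised strength: 24 symbols * 6 bits = 144 bits
	fmt.Println("advertised bits:", length*6)
	fmt.Println("distinct passwords from a 12-bit seed space:", distinctWeak(12, length))
	p, err := strongPassword(length)
	if err != nil {
		panic(err)
	}
	fmt.Println("CSPRNG password:", p)
}
```

When auditing password-generation code, the import to look for is `math/rand` where `crypto/rand` is required.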


Remediation

Install the update from the vendor's website.