Main Vulnerability Database Exploits ID:10399 - Exploit for Use of insufficiently random values in keypair - CVE-2021-41117

ID:10399 - Exploit for Use of insufficiently random values in keypair - CVE-2021-41117

Published: August 16, 2024

Vulnerability identifier: #VU57321

Vulnerability risk: High

CVE-ID: CVE-2021-41117

CWE-ID: CWE-330

Exploitation vector: Remote access

Vulnerable software:
keypair

Link to public exploit:

https://github.com/badkeys/keypairvuln

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in the pseudo-random number generator used by keypair to generate RSA keys for SSH connections. A remote attacker can generate duplicate SSH keys and gain unauthorized access to the affected systems.

Remediation

Install updates from vendor's website.

Note, just installing an update is not enough to fix the problem. You need to replace all previously generated SSH keys.

ID:10399 - Exploit for Use of insufficiently random values in keypair - CVE-2021-41117

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human