Description
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
Affected products
- erlang / crypto2.0.2.1
- erlang / erlang/otpr11b-5 – r11b-5
- erlang / erlang/otpr12b-5 – r12b-5
- erlang / erlang/otpr13b – r13b
- erlang / erlang/otpr13b02-1 – r13b02-1
- erlang / erlang/otpr13b03 – r13b03
- erlang / erlang/otpr13b04 – r13b04
- erlang / erlang/otpr14a – r14a
- erlang / erlang/otpr14b – r14b
- erlang / erlang/otpr14b01 – r14b01
- erlang / erlang/otpr14b02 – r14b02
- SSH / ssh2.0.4