{"api_version":"1","generated_at":"2026-06-13T05:52:11+00:00","cve":"CVE-2011-0766","urls":{"html":"https://cve.report/CVE-2011-0766","api":"https://cve.report/api/cve/CVE-2011-0766.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-0766","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-0766"},"summary":{"title":"CVE-2011-0766","description":"The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.","state":"PUBLISHED","assigner":"certcc","published_at":"2011-05-31 20:55:01","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-310","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/44709","name":"http://secunia.com/advisories/44709","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Erlang/OTP SSH Insecure Random Number Generator Security Issue - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/47980","name":"http://www.securityfocus.com/bid/47980","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Erlang/OTP SSH Library Random Number Generator Weakness","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.kb.cert.org/vuls/id/178990","name":"http://www.kb.cert.org/vuls/id/178990","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"],"title":"US-CERT Vulnerability Note VU#178990 - Erlang/OTP SSH library uses a weak random number generator","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5","name":"https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Merge branch 'maint-r14' into dev · erlang/otp@f228601 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-0766","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0766","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"2.0.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"crypto","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r11b-5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r12b-5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r13b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r13b02-1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r13b03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r13b04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r14a","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r14b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r14b01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"erlang","cpe5":"erlang\\/otp","cpe6":"r14b02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"766","vulnerable":"1","versionEndIncluding":"2.0.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ssh","cpe5":"ssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T22:05:53.431Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"44709","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/44709"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5"},{"name":"47980","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/47980"},{"name":"VU#178990","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/178990"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2011-05-31T20:00:00.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"44709","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/44709"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5"},{"name":"47980","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/47980"},{"name":"VU#178990","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/178990"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2011-0766","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"44709","refsource":"SECUNIA","url":"http://secunia.com/advisories/44709"},{"name":"https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5","refsource":"CONFIRM","url":"https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5"},{"name":"47980","refsource":"BID","url":"http://www.securityfocus.com/bid/47980"},{"name":"VU#178990","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/178990"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2011-0766","datePublished":"2011-05-31T20:00:00.000Z","dateReserved":"2011-02-03T00:00:00.000Z","dateUpdated":"2024-09-17T04:29:25.226Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-05-31 20:55:01","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-310","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:crypto:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2.1","matchCriteriaId":"A5C36D51-22EA-4973-BD37-34A148222677"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r11b-5:*:*:*:*:*:*:*","matchCriteriaId":"E83FC35B-457E-461C-939A-2A2DAB1C2461"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r12b-5:*:*:*:*:*:*:*","matchCriteriaId":"C6C511C8-EE7D-4E4F-829A-8A28A3F5DE7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r13b:*:*:*:*:*:*:*","matchCriteriaId":"ADBDFE1E-0212-4A40-AF37-452469A591DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r13b02-1:*:*:*:*:*:*:*","matchCriteriaId":"90FCA4F4-F172-44F8-A7E9-03C4374D8BE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r13b03:*:*:*:*:*:*:*","matchCriteriaId":"33E2E62B-42A6-4D2C-80D0-B1AFD8F24E4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r13b04:*:*:*:*:*:*:*","matchCriteriaId":"586A5C8B-0842-4D1C-A33A-A5E4AB0F7422"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r14a:*:*:*:*:*:*:*","matchCriteriaId":"98D07E19-8830-4112-993B-92475F37CB68"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r14b:*:*:*:*:*:*:*","matchCriteriaId":"13DF6614-88C8-49CE-97E3-0AD2D3972182"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r14b01:*:*:*:*:*:*:*","matchCriteriaId":"10182FC9-2DE9-4FAD-8C9D-D5B21A735824"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:r14b02:*:*:*:*:*:*:*","matchCriteriaId":"4106F0A1-8582-46CD-9F8F-1A613B272DF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.4","matchCriteriaId":"B5FC28F2-797D-4C4E-B9B8-D89A3AAD7950"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"766","Ordinal":"1","Title":"CVE-2011-0766","CVE":"CVE-2011-0766","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"766","Ordinal":"1","NoteData":"The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.","Type":"Description","Title":"CVE-2011-0766"},{"CveYear":"2011","CveId":"766","Ordinal":"2","NoteData":"2011-05-31","Type":"Other","Title":"Published"}]}}}