CVE-2012-2681 | Vulnerability Database | Aqua Security

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.

Affected Software

Name	Vendor	Start Version	End Version
Cumin	Trevor_mckay	*	0.1.5192-4 (including)
Cumin	Trevor_mckay	0.1.3160-1 (including)	0.1.3160-1 (including)
Cumin	Trevor_mckay	0.1.4369-1 (including)	0.1.4369-1 (including)
Cumin	Trevor_mckay	0.1.4410-2 (including)	0.1.4410-2 (including)
Cumin	Trevor_mckay	0.1.4494-1 (including)	0.1.4494-1 (including)
Cumin	Trevor_mckay	0.1.4794-1 (including)	0.1.4794-1 (including)
Cumin	Trevor_mckay	0.1.4916-1 (including)	0.1.4916-1 (including)
Cumin	Trevor_mckay	0.1.5098-2 (including)	0.1.5098-2 (including)
Cumin	Trevor_mckay	0.1.5192-1 (including)	0.1.5192-1 (including)
Enterprise_mrg	Redhat	2.0 (including)	2.0 (including)

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://secunia.com/advisories/50660
http://www.securityfocus.com/bid/55618
https://exchange.xforce.ibmcloud.com/vulnerabilities/78771

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2681
CWE	https://cwe.mitre.org/data/definitions/310.html