DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dotnetnuke | Dnnsoftware | 9.2 (including) | 9.2.2 (including) |