CVE-2020-16271

Critical

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to…

mitre·CWE-330·Published 2020-08-03

CVSS

9.1

EPSS

0.02

KEV

Exploits

cve.orgen

210 chars

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.

NVDen

210 chars

NVDes

249 chars

La implementación de SRP-6a en Kee Vault KeePassRPC versiones anteriores a 1.12.0, genera insuficientemente números aleatorios, lo que permite a atacantes remotos leer y modificar datos en la base de datos KeePass por medio de una conexión WebSocket

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N