CVE-2018-9057 is a vulnerability in HashiCorp Terraform
Published on March 27, 2018
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
Products Associated with CVE-2018-9057
Want to know whenever a new CVE is published for HashiCorp Terraform? stack.watch will email you.
Exploit Probability
EPSS
0.46%
Percentile
64.08%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.