CVE-2020-7010 is a vulnerability in Elastic Cloud On Kubernetes
Published on June 3, 2020
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
Weakness Type
What is a PRNG Vulnerability?
The software uses a Pseudo-Random Number Generator (PRNG) that does not correctly manage seeds.
CVE-2020-7010 has been classified to as a PRNG vulnerability or weakness.
Products Associated with CVE-2020-7010
Want to know whenever a new CVE is published for Elastic Cloud On Kubernetes? stack.watch will email you.
Affected Versions
Elastic Cloud on Kubernetes Version before 1.1.0 is affected by CVE-2020-7010Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.