CVE-2020-10729

CWE-3309 documents8 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 76.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Engine Debian Debian Linux

Timeline

PublishedMay 27

Latest updateMar 5

Description

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDredhat/ansible_engine< 2.9.6

▶PyPIansible< 2.9.6

▶Debianansible< 2.9.6+dfsg-1+3

▶CVEListV5ansibleansible-engine 2.9.6

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

Insufficiently random values in Ansible↗2021-06-15

▶

GHSA

Insufficiently random values in Ansible↗2021-06-15

▶

CVEList

CVE-2020-10729: A flaw was found in the use of insufficiently random values in Ansible↗2021-05-27

▶

OSV

CVE-2020-10729: A flaw was found in the use of insufficiently random values in Ansible↗2021-05-27

▶

📋Vendor Advisories

Ubuntu

Ansible vulnerabilities↗2025-03-05

▶

Debian

CVE-2020-10729: ansible - A flaw was found in the use of insufficiently random values in Ansible. Two rand...↗2020

▶

Red Hat

Ansible: two random password lookups in same task return same value↗2017-12-21

▶

💬Community

Bugzilla

CVE-2020-10729 Ansible: two random password lookups in same task return same value↗2020-05-04

▶