CVE-2021-23020
published 2021-06-01CVE-2021-23020: The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | >= 3.0.0 < 3.10.0 | 3.10.0 |