Launch Week Day 1: Announcing Security Design Review

Insufficient Entropy in DotNetNuke

GHSA-pf46-gqg9-j3v3 · CVE-2018-15812

Published Jul 5, 2019 · Modified Nov 8, 2023

Description

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes