CVE-2016-15006— enigmaX Scrambling Table main.c getSeed prng seed
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-15006
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
enigmaX Scrambling Table main.c getSeed prng seed
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
PRNG中使用可预测种子
Source: NVD (National Vulnerability Database)
Vulnerability Title
enigmax 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
enigmax是Pierre-François Monville个人开发者的一个 C 语言中的密码程序。 enigmax 2.2版本及之前版本存在安全漏洞。攻击者利用该漏洞导致伪随机数生成器(prng)可以预测种子。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | enigmaX | 2.0 | - |
II. Public POCs for CVE-2016-15006
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-15006
请登录查看更多情报信息。
Same Patch Batch · n/a · 2023-01-02 · 8 CVEs total
| CVE-2016-15007 | 5.5 MEDIUM | Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection |
| CVE-2014-125038 | 5.5 MEDIUM | IS_Projecto2 NewsBean.java sql injection |
| CVE-2014-125037 | 5.5 MEDIUM | License to Kill injury.rb sql injection |
| CVE-2015-10009 | 5.5 MEDIUM | nterchange code_caller_controller.php getContent code injection |
| CVE-2014-125035 | 3.5 LOW | Jobs-Plugin cross site scripting |
| CVE-2014-125033 | 3.5 LOW | rails-cv-app uploaded_files_controller.rb path traversal |
| CVE-2022-48197 | yahoo YUI2 跨站脚本漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-337
- CVE-2026-26018
CoreDNS Loop Detection Denial of Service Vulnerability - CVE-2026-25235
PEAR Has a Predictable Verification Hash in Election Account - CVE-2025-62710
Sakai kernel-impl: predictable PRNG used to generate server‑ - CVE-2025-55069
AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Rando - CVE-2025-7770
Predictable Seed in Pseudo-Random Number Generator (PRNG) in
V. Comments for CVE-2016-15006
No comments yet