Cryptographic Issues in ECK
High severity
GitHub Reviewed
Published Feb 15, 2022 to the GitHub Advisory Database • Updated Feb 22, 2024
Description
Published by the National Vulnerability Database: Jun 3, 2020
Reviewed: May 13, 2021
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed, they may be able to more easily brute-force the Elasticsearch credentials generated by ECK.
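The following Go sketch is an added illustration of this flaw class and is not ECK's code. The advisory does not say how the generator was seeded, so the time-seeded `math/rand` generator, the function names, and the sample timestamp are assumptions; the sketch compares the entropy the password length suggests with the bound imposed by a guessable seed, next to a `crypto/rand` replacement.

```go
package main

import (
	crand "crypto/rand"
	"fmt"
	"math"
	"math/big"
	mrand "math/rand"
)

const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakPassword (hypothetical, not ECK code): a non-cryptographic PRNG seeded
// from a clock value, so the output is a pure function of the seed.
func weakPassword(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// strongPassword draws every character from the OS CSPRNG via crypto/rand.
func strongPassword(n int) (string, error) {
	limit := big.NewInt(int64(len(alphabet)))
	b := make([]byte, n)
	for i := range b {
		idx, err := crand.Int(crand.Reader, limit) // uniform in [0, limit)
		if err != nil {
			return "", err
		}
		b[i] = alphabet[idx.Int64()]
	}
	return string(b), nil
}

// nominalBits is the entropy that the password length alone suggests.
func nominalBits(n int) float64 { return float64(n) * math.Log2(float64(len(alphabet))) }

// seedBoundBits caps the real entropy of weakPassword when the seed is a
// Unix-second timestamp known to lie within windowSeconds (an assumption).
func seedBoundBits(windowSeconds int64) float64 { return math.Log2(float64(windowSeconds)) }

func main() {
	const seed = 1591142400 // constructed sample timestamp
	fmt.Println("same seed, same password:", weakPassword(seed, 24) == weakPassword(seed, 24))
	s, _ := strongPassword(24)
	fmt.Printf("nominal %.1f bits, seed-bounded %.1f bits, CSPRNG sample %s\n",
		nominalBits(24), seedBoundBits(86400), s)
}
```

Under these assumptions, a 24-character password that looks like roughly 143 bits carries at most about 16 bits when the deployment time is known to within a day, which is why the fix for this class of bug is a CSPRNG rather than a longer password.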