aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00449
Percentile: 0.62653

CVSS Scoring

Mapped CWE(s)

• CWE-332 : Insufficient Entropy in PRNG

Affected Products

• cpe:2.3:a:hashicorp:terraform:*:*:*:*:*:aws:*:*

← Back to Home