By weakness (CWE)
CWE-338: related vulnerabilities
CVEs classified under CWE-338. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-41858HIGH 7.5
BOSH-Ecosystem's windows-utilities-release contains a critical password generation flaw that undermines a key security hardening measure. The tool is designed to lock down Windows VMs by setting an Administrator account password that should be cryptographically random and unguessable. However, the password generation relies on a predictable random number generator seeded only with the system clock. An attacker who can estimate when a VM was booted can narrow down the possible passwords to a small, brute-forceable set, potentially recovering the Administrator credential and gaining full control of the system.