CVE-2018-9057
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-9057
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-9057.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-9057
- Aliases
- Related
- Published
- 2018-03-27T18:29:00Z
- Modified
- 2025-07-01T06:33:27.744975Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
aws/resourceawsiamuserlogin_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
- References
Affected packages
Git / github.com/hashicorp/terraform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hashicorp/terraform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/terraform-providers/terraform-provider-aws
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
0.*
0.7.7
Other
list
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.10.0
v0.10.0-beta1
v0.10.0-beta2
v0.10.0-rc1
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.11.0
v0.11.0-beta1
v0.11.0-rc1
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9-beta1
v0.12.0
v0.12.0-alpha2
v0.12.0-alpha3
v0.12.0-alpha4
v0.12.0-dev20190520H16
v0.12.0-rc1
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.17
v0.12.18
v0.12.19
v0.12.2
v0.12.20
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.9
v0.13.0
v0.13.0-beta1
v0.13.0-beta2
v0.13.0-beta3
v0.13.0-rc1
v0.13.1
v0.13.2
v0.14.0-alpha20200910
v0.14.0-alpha20200923
v0.14.0-alpha20201007
v0.14.0-beta1
v0.15.0-alpha20210107
v0.15.0-alpha20210127
v0.15.0-alpha20210210
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.6
v0.3.7
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.3
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.0-rc3
v0.7.0-rc4
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-beta1
v0.8.0-rc1
v0.8.0-rc2
v0.8.0-rc3
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.0-beta1
v0.9.0-beta2
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v1.*
v1.0.0
v1.1.0
v1.1.0-alpha20210616
v1.1.0-alpha20210630
v1.1.0-alpha20210714
v1.1.0-alpha20210728
v1.1.0-alpha20210811
v1.1.0-alpha20210908
v1.1.0-alpha20210922
v1.1.0-alpha20211006
v1.1.0-alpha20211020
v1.1.0-alpha20211029
v1.10.0
v1.10.0-alpha20240606
v1.10.0-alpha20240619
v1.10.0-alpha20240717
v1.10.0-alpha20240730
v1.10.0-alpha20240807
v1.10.0-alpha20240814
v1.10.0-alpha20240828
v1.10.0-alpha20240911
v1.10.0-alpha20240918
v1.10.0-alpha20240926
v1.10.0-alpha20241009
v1.10.0-alpha20241023
v1.11.0
v1.11.0-alpha20241106
v1.11.0-alpha20241211
v1.11.0-alpha20241218
v1.11.0-alpha20250107
v1.12.0
v1.12.0-alpha20250213
v1.12.0-alpha20250312
v1.12.0-alpha20250319
v1.12.0-beta1
v1.12.0-beta2
v1.12.0-beta3
v1.12.0-rc1
v1.12.0-rc2
v1.2.0
v1.2.0-alpha-20220328
v1.2.0-alpha20220413
v1.3.0
v1.3.0-alpha20220608
v1.3.0-alpha20220622
v1.3.0-alpha20220706
v1.3.0-alpha20220803
v1.3.0-alpha20220817
v1.3.0-dev
v1.3.1
v1.4.0
v1.4.0-alpha20221109
v1.4.0-alpha20221207
v1.5.0
v1.5.0-alpha20230405
v1.5.0-alpha20230504
v1.6.0
v1.6.0-alpha20230719
v1.6.0-alpha20230802
v1.6.0-alpha20230816
v1.7.0
v1.7.0-alpha20231025
v1.7.0-alpha20231108
v1.7.0-alpha20231130
v1.7.1
v1.8.0
v1.8.0-alpha20240131
v1.8.0-alpha20240214
v1.8.0-alpha20240216
v1.8.0-alpha20240228
v1.9.0
v1.9.0-alpha20240404
v1.9.0-alpha20240501
v1.9.0-alpha20240516