CVE-2022-34295

23.06.2022, 17:15

totd before 1.5.3 does not properly randomize mesg IDs.

Enginsight

Provider: NIST
Type: NIST
Base Score: 6.5 MEDIUM
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Provider: mitre
Type: CNA
Scores: --- ---

Provider: CVE
Type: ADP
Scores: --- ---

EPSS Score
Percentile: 52%

Vendor: totd_project
Product: totd
Version: x < 1.5.3
(x = Vulnerable software versions)

Known Exploits!
http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf

Common Weakness Enumeration
CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References
http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf
https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399
https://github.com/fwdillema/totd/releases/tag/1.5.3
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner