Blog | G5 Cyber Security

DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

DUHK (Don’t Use Hard-coded Keys) is a new ‘non-trivial’ cryptographic implementation vulnerability that could allow attackers to recover the encryption keys that secure VPN connections and web browsing sessions. The vulnerability affects products from dozens of vendors, including Fortinet, Cisco, and TechGuard, whose devices rely on the ANSI X9.31 RNG, an outdated pseudorandom number generation algorithm, ‘in conjunction with a hard-coded seed key’. It is the third crypto-related vulnerability reported this month, after the KRACK Wi-Fi attack and the ROCA factorization attack.

Source: https://thehackernews.com/2017/10/crack-prng-encryption-keys.html
