Red Hat Bugzilla – Bug 1020272
CVE-2013-4443 pwgen: Secure mode has bias towards numbers and uppercase letters
Last modified: 2015-07-31 03:11:27 EDT
It was found that pwgen had a heavy bias towards using numbers and uppercase letters when generating random passwords. Because of this, pwgen created passwords that were weaker and easier to guess than they should have been.
There seems to be a patch here saying it fixes most of the issues:
Created pwgen tracking bugs for this issue:
Affects: fedora-all [bug 1020273]
Affects: epel-all [bug 1020274]
It was found that if you generated 1 extremely long password (rather than a ton of passwords) and made a histogram, there would be no bias, hence this CVE is **REJECTED**.
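One way to run the histogram comparison described in the last comment, as an added example that is not part of the bug report and not pwgen's code. It assumes a hypothetical generator that draws uniformly from a 62-character alphabet and redraws until the password contains a digit and an uppercase letter, then measures character-class shares over many short passwords and over one long password of the same total size.

```python
import secrets
import string
from collections import Counter

# Assumed 62-symbol alphabet; shares a uniform per-character draw would give.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits
UNIFORM = {"lower": 26 / 62, "upper": 26 / 62, "digit": 10 / 62}

def char_class(c):
    if c in string.digits:
        return "digit"
    return "upper" if c in string.ascii_uppercase else "lower"

def generate(length, require_classes=True):
    """Hypothetical generator: uniform draw, redrawn until the password
    holds at least one digit and one uppercase letter (assumed policy)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not require_classes or {"digit", "upper"} <= set(map(char_class, pw)):
            return pw

def class_shares(passwords):
    """Fraction of all characters falling into each class."""
    counts = Counter(char_class(c) for pw in passwords for c in pw)
    total = sum(counts.values())
    return {name: counts[name] / total for name in UNIFORM}

def compare(total_chars=40000, short_len=8):
    """Same character budget measured two ways."""
    many_short = class_shares(generate(short_len) for _ in range(total_chars // short_len))
    one_long = class_shares([generate(total_chars)])
    return many_short, one_long

if __name__ == "__main__":
    many_short, one_long = compare()
    for name, expected in UNIFORM.items():
        print(f"{name:5s} uniform={expected:.3f} "
              f"many_short={many_short[name]:.3f} one_long={one_long[name]:.3f}")
```

In this model the shift in the short-password histogram comes entirely from the acceptance condition, which almost never rejects a very long password, so the two measurements disagree even though every character is drawn uniformly.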