The nonce values included in Authentication Requests sent by Singularity Enterprise may not contain sufficient entropy as specified by the OpenID Connect Core 1.0 specification, due to a deficiency in the module used to generate nonce values.


A patch is available in versions 1.2 through 1.6 of Singularity Enterprise, and customers are encouraged to upgrade. The patch is included in the following versions:

  • 1.2.6
  • 1.3.4
  • 1.4.4
  • 1.5.4
  • 1.6.3


No remediation is available, customers are encouraged to upgrade to a patched version.


For more information

If you have any questions or comments about this advisory, please contact