DNN (DotNetNuke) is vulnerable to information disclosure. The use of a lower-than-expected entropy caused by an incorrect convertion of the encryption key source values allow attackers to retrieve confidential information. This vulnerability exists due to an incomplete fix for CVE-2018-15812.