CVE-2007-6755

CWE-327Broken Cryptographic Algorithm7 documents7 sources
Severity
5.8MEDIUM
EPSS
0.3%
top 44.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Bsafe Crypto-c-micro-editionDell Bsafe Crypto-j
Timeline
PublishedOct 11
Latest updateMay 1

Description

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potent

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

Debianopenssl< 1.1.0b-2+3
NVDdell/bsafe_crypto-c-micro-edition3.0.0.03.0.0.20
NVDdell/bsafe_crypto-j5.0, 5.0.1+1

🔴Vulnerability Details

3
GHSA
GHSA-3mqf-x495-xqrw: The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constan2022-05-01
CVEList
CVE-2007-6755: The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constan2013-10-11
OSV
CVE-2007-6755: The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constan2013-10-11

📋Vendor Advisories

2
Red Hat
Dual_EC_DRBG: weak pseudo random number generator2013-10-11
Debian
CVE-2007-6755: openssl - The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic R...2007

💬Community

1
Bugzilla
CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator2013-12-23