Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5502


Vulnerability Score 6.4 6.4
CVE Id CVE-2007-5502
Last Modified 07 Mar 2011 10:00:48
Published 01 Dec 2007 01:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

Vulnerable Systems


  • Openssl Fips Object Module 1.1.1


CERT-VN - VU#150249

BID - 26652

SECUNIA - 27859

XF - openssl-fips-prng-security-bypass(38796)

VUPEN - ADV-2007-4044

SECTRACK - 1019029


Last Updated: 27 May 2016 10:46:12