Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5502

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-5502
Last Modified 07 Mar 2011 10:00:48
Published 01 Dec 2007 01:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5502

Summary

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

Vulnerable Systems

Application

  • Openssl Fips Object Module 1.1.1


References

CERT-VN - VU#150249

BID - 26652

SECUNIA - 27859

XF - openssl-fips-prng-security-bypass(38796)

VUPEN - ADV-2007-4044

SECTRACK - 1019029

CONFIRM - http://www.openssl.org/news/secadv_20071129.txt


Last Updated: 27 May 2016 10:46:12