Lucene search

K
cve[email protected]CVE-2013-6078
HistoryJun 17, 2014 - 3:55 p.m.

CVE-2013-6078

2014-06-1715:55:05
CWE-310
web.nvd.nist.gov
15
cve-2013-6078
emc
rsa
bsafe
toolkits
data protection manager
dpm
vulnerability
dual elliptic curve
drbg
cryptographic protection

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

9.1 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified “security concerns,” aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.

Affected configurations

NVD
Node
emcrsa_bsafe_toolkitsMatch-
OR
emcrsa_data_protection_managerMatch20130918

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

9.1 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%