Lucene search

K
cve[email protected]CVE-2013-6078
HistoryJun 17, 2014 - 3:55 p.m.

CVE-2013-6078

2014-06-1715:55:05
CWE-310
web.nvd.nist.gov
15
cve-2013-6078
emc
rsa
bsafe
toolkits
data protection manager
dpm
vulnerability
dual elliptic curve
drbg
cryptographic protection

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified “security concerns,” aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.

Affected configurations

NVD
Node
emcrsa_bsafe_toolkitsMatch-
OR
emcrsa_data_protection_managerMatch20130918

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%