CVE-2005-3087

2005-09-2704:00:00

mitre

www.cve.org

securew2 tls implementation

weak random number generators

pre-master secret

sensitive data

decryption

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data.

References

lists.grok.org.uk/pipermail/full-disclosure/2005-September/037352.html

secunia.com/advisories/16909