33 matches found
CVE-2014-4191
The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than...
EUVD-2014-4121
Malware in sbrugna...
EUVD-2014-4122
Malware in sbrugna...
EUVD-2014-4120
Malware in sbrugna...
CVE-2014-4192
The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recoverin...
On the Subversion of NIST by the NSA
Nadiya Kostyuk and Susan Landau wrote an interesting paper: "Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process": Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for...
Micali-Schnorr Generator (MS-DRBG) Part III - Zero Knowledge Proof Wanted!!
See also Part I and Part II of this series. This is going to be a short blog post about the infamous Micali-Schnorr Random Number Generator (MS-DRBG). See Part I and Part II of this series for more information about this topic. WHO: NIST published the specification for Micali-Schnorr Random Number...
Juniper Removes Dual_EC, ANSI X9.31 Algorithms
Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision ...
Juniper Backdoor Picture Getting Clearer
The NSA’s subversion of encryption standards may have come home to roost. As more eyes examine the Juniper backdoor in ScreenOS, the operating system standing up its NetScreen VPNs, it’s becoming clear that someone backdoored the NSA backdoor in Dual_EC_DRBG, opening the door to passive decryption ...
Juniper ScreenOS Backdoor Password
Researchers from two security firms have uncovered the password guarding one of the backdoors discovered in Juniper Networks’ ScreenOS, the operating system behind its NetScreen enterprise-grade firewalls. Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said...
NIST Drops Weak Dual_EC RNG From Official Recommendations
NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers. The Dual_EC random number generator was at the center of a controversy in the security community two years ago after revelations that the National Securit...
CVE-2014-4193
The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than...
CVE-2013-6078
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging...
CVE-2014-4191
CVE-2014-4191 affects the EMC RSA BSAFE-C Toolkits TLS implementation (Share for C/C++) that uses Dual_EC_DRBG. The issue is caused by the TLS code sending a long series of random bytes during Dual_EC_DRBG usage, which enables an attacker to recover the algorithm’s inner state and potentially obt...
CVE-2014-4192
CVE-2014-4192 affects EMC RSA BSAFE-C Toolkits (Share for C/C++) Dual_EC_DRBG. The vulnerability arises from how output bytes are produced: the implementation uses the requested byte count without considering cached bytes, enabling recovery of the algorithm’s inner state and potential plaintext e...
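The three BSAFE advisories listed here (CVE-2014-4191, CVE-2014-4192, CVE-2014-4193) all rest on one property of Dual_EC_DRBG: each output block is the x-coordinate of s_i*Q with only 16 of its 256 bits dropped, so anyone who knows a scalar d with P = d*Q can lift an observed block back to the point s_i*Q, multiply by d to get s_i*P, and read the next state s_{i+1} off its x-coordinate. The attack wants whole blocks: every output bit the attacker does not see doubles the number of curve points to try, which is why TLS code that hands out long runs of raw generator output (long nonces via Extended Random, or freshly generated whole blocks instead of the cached remainder of the previous request) makes recovery cheap. The Python below is an added worked example written for this page; it is not code from RSA, NIST or the CVE entries. It uses a constructed 61-bit toy curve, drops 8 rather than 16 bits per block so the search finishes in under a second, and plants a constructed backdoor scalar D and seed.

```python
# Toy Dual_EC_DRBG with a planted backdoor relation P = D*Q.
# Added example for this page; not BSAFE, NIST or Juniper code.
# Curve constants, the secret D and the seed are constructed for illustration.

P_MOD = (1 << 61) - 1                 # Mersenne prime; p % 4 == 3, so a sqrt is one pow()
A = P_MOD - 3                         # toy curve y^2 = x^3 + A*x + B (not a standard curve)
B = 0x0123_4567_89AB_CDEF
FIELD_BITS = P_MOD.bit_length()       # 61
TRUNC_BITS = 8                        # bits dropped per block (Dual_EC on P-256 drops 16 of 256)
OUT_BITS = FIELD_BITS - TRUNC_BITS    # 53 output bits per block
OUT_MASK = (1 << OUT_BITS) - 1


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x-coordinate, or None if no such point exists."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None


Q = next(pt for pt in map(lift_x, range(2, 10_000)) if pt is not None)
D = 0x1F2E3D4C5B6A7988                # backdoor scalar, known only to whoever chose the points
P = ec_mul(D, Q)                      # the published P satisfies P = D*Q


def dual_ec_generate(state, n_blocks):
    """Produce n_blocks output blocks as Dual_EC does; returns (new_state, blocks)."""
    blocks = []
    for _ in range(n_blocks):
        state = ec_mul(state, P)[0]                     # s_i = x(s_{i-1} * P)
        blocks.append(ec_mul(state, Q)[0] & OUT_MASK)   # r_i = x(s_i * Q), top bits dropped
    return state, blocks


def candidate_points(block, known_bits=OUT_BITS):
    """Count curve points whose x agrees with the low `known_bits` bits the attacker saw."""
    observed = block & ((1 << known_bits) - 1)
    count = 0
    for hi in range(1 << (FIELD_BITS - known_bits)):
        x = (hi << known_bits) | observed
        if x < P_MOD and lift_x(x) is not None:
            count += 1
    return count


def recover_state(block, next_block):
    """From one full block r_i and the following block, recover s_{i+1} using D."""
    found = []
    for hi in range(1 << TRUNC_BITS):
        x = (hi << OUT_BITS) | block
        if x >= P_MOD:
            continue
        R = lift_x(x)                                   # candidate s_i*Q (either sign of y works)
        if R is None:
            continue
        s_next = ec_mul(D, R)[0]                        # D*(s_i*Q) = s_i*P, whose x is s_{i+1}
        if ec_mul(s_next, Q)[0] & OUT_MASK == next_block:
            found.append(s_next)
    return found


def demo():
    seed = 0x0BADC0FFEE123456                           # constructed victim seed
    _, victim = dual_ec_generate(seed, 4)               # four raw blocks seen on the wire
    cands = recover_state(victim[0], victim[1])
    _, predicted = dual_ec_generate(cands[0], 2)        # attacker predicts blocks 3 and 4
    return (cands, predicted == victim[2:],
            candidate_points(victim[0]),                # all 53 output bits observed
            candidate_points(victim[0], OUT_BITS - 8))  # one byte of the block withheld


if __name__ == "__main__":
    print(demo())
```

demo() returns the recovered candidate states (one), whether the attacker's prediction of the victim's next two blocks matches, and the number of curve points consistent with the observation when the whole block is visible versus when one byte of it is withheld; the latter is roughly 256 times larger, which is the cost the long-nonce and cached-bytes bugs in the advisories above remove for the attacker. On P-256 the same loop runs over 2^16 lifts per block and, once s_{i+1} is known, every later output of the generator, including the bytes used for TLS secrets, is predictable.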