CVSS2 base score: 5.8 (Medium)

| CVSS2 metric | Value |
|---|---|
| Access Vector | NETWORK (AV:N) |
| Access Complexity | MEDIUM (AC:M) |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS score: 0.006 (Low), percentile 78.8%
The NIST SP 800-90A default statement of the Dual Elliptic Curve
Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point
Q constants with a possible relationship to certain “skeleton key” values,
which might allow context-dependent attackers to defeat cryptographic
protection mechanisms by leveraging knowledge of those values. NOTE: this
is a preliminary CVE for Dual_EC_DRBG; future research may provide
additional details about point Q and associated attacks, and could
potentially lead to a RECAST or REJECT of this CVE.
| Author | Note |
|---|---|
| seth-arnold | Dual_EC_DRBG has been under suspicion long enough that I suspect none of our libraries use it by default, though some may make it available for legacy compatibility. It might be worthwhile to remove it entirely, so that unsafe mechanisms aren't available to provide a false sense of safety. |
| mdeslaur | openssl only seems to have Dual_EC_DRBG in the fips module, not in the regular source. |
arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
rump2007.cr.yp.to/15-shumow.pdf
stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
launchpad.net/bugs/cve/CVE-2007-6755
nvd.nist.gov/vuln/detail/CVE-2007-6755
security-tracker.debian.org/tracker/CVE-2007-6755
www.cve.org/CVERecord?id=CVE-2007-6755
www.schneier.com/blog/archives/2007/11/the_strange_sto.html