5.8
CVE-2007-6755
- EPSS 0.52%
- Veröffentlicht 11.10.2013 22:55:33
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert_us@oracle.com
- Teams Watchlist Login
- Unerledigt Login
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Bsafe Crypto-c-micro-edition Version >= 3.0.0.0 <= 3.0.0.20
Dell ≫ Bsafe Crypto-j Version5.0
Dell ≫ Bsafe Crypto-j Version5.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.656 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.