CVE-2013-6078

EPSS 0.32%
Veröffentlicht 17.06.2014 15:55:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue.  NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Rsa Bsafe Toolkits Version-

Emc ≫ Rsa Data Protection Manager Version20130918

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.518

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/

http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html

http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/

http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect

https://nvd.nist.gov/vuln/detail/CVE-2013-6078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6078

EUVD