CVE-2013-6078

EPSS 0.32%
Published 17.06.2014 15:55:05
Last modified 12.04.2025 10:46:40
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue.  NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Rsa Bsafe Toolkits Version-

Emc ≫ Rsa Data Protection Manager Version20130918

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.518

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/

http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html

http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/

http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect

https://nvd.nist.gov/vuln/detail/CVE-2013-6078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6078

EUVD