>> OpenSSL FIPS Object Module PRNG Implementation Security Weakness
Title : OpenSSL FIPS Object Module PRNG Implementation Security Weakness VUPEN ID : VUPEN/ADV-2007-4044 CVE ID : CVE-2007-5502
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-11-30
Technical Description
A security weakness has been identified in OpenSSL FIPS Object Module, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error in the PRNG (Pseudo Random Number Generator) implementation where the key and seed that are used correspond to the last self-test, which could cause predictable random data to be generated.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
