OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.05512
Percentile: 0.89801

CVSS Scoring

Mapped CWE(s)

• CWE-338 : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Affected Products

• cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
• cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

← Back to Home