// For flags

CVE-2007-5502

 

Severity Score

6.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

La implementación PRNG para OpenSSL FIPS Object Module 1.1.1 no realiza una selección previa automática de la semilla durante el test de FIPS que realiza a sí mismo. Esto genera información arbitraria que es más predecible de lo esperado y hace que, para los atacantes, sea más fácil vulnerar los mecanismos de protección basados en aleatoriedad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-10-17 CVE Reserved
  • 2007-11-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Fips Object Module
Search vendor "Openssl" for product "Fips Object Module"
 1.1.1
Search vendor "Openssl" for product "Fips Object Module" and version "1.1.1"
-
Affected