CVE-2007-5502
OpenSSL Security Advisory 20071129
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
La implementación PRNG para OpenSSL FIPS Object Module 1.1.1 no realiza una selección previa automática de la semilla durante el test de FIPS que realiza a sí mismo. Esto genera información arbitraria que es más predecible de lo esperado y hace que, para los atacantes, sea más fácil vulnerar los mecanismos de protección basados en aleatoriedad.
A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 has been reported by Geoff Lowe of Secure Computing Corporation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-17 CVE Reserved
- 2007-11-29 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/150249 | Third Party Advisory |
|
| http://www.openssl.org/news/secadv_20071129.txt | X_refsource_confirm | |
| http://www.securitytracker.com/id?1019029 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/4044 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38796 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27859 | 2017-07-29 | |
| http://www.securityfocus.com/bid/26652 | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openssl Search vendor "Openssl" | Fips Object Module Search vendor "Openssl" for product "Fips Object Module" | 1.1.1 Search vendor "Openssl" for product "Fips Object Module" and version "1.1.1" | - |
Affected
| ||||||