CVE-2007-6043
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
La función CryptGenRandom en Microsoft Windows 2000 genera valores predecibles, lo cual hace más fácil para un atacantes dependiente del contexto reducir la efectividad de mecanismos criptográficos, como se demostró por un ataque sobre (1) forward security y (2) backward security, relacionado con el uso de ocho instancias de RC4 cipher, y posiblemente relacionado con el asunto CVE-2007-3898.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-20 CVE Reserved
- 2007-11-20 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://eprint.iacr.org/2007/419.pdf | X_refsource_misc | |
| http://www.computerworld.com.au/index.php/id%3B1165210682%3Bfp%3B2%3Bfpid%3B1 | X_refsource_misc | |
| http://www.securityfocus.com/bid/26495 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | - |
Affected
| ||||||