ID CVE-2013-6078
Summary The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.
References
Vulnerable Configurations
  • EMC RSA BSAFE Toolkits
    cpe:2.3:a:emc:rsa_bsafe_toolkits
  • EMC RSA Data Protection Manager (DPM) 20130918
    cpe:2.3:a:emc:rsa_data_protection_manager:20130918
CVSS
Base: 5.8 (as of 19-06-2014 - 12:10)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
refmap via4
confirm http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
misc
Last major update 19-06-2014 - 12:10
Published 17-06-2014 - 11:55
Back to Top