ID CVE-2014-4191
Summary The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
References
Vulnerable Configurations
  • EMC RSA BSAFE-C Toolkits (aka Share for C and C++)
    cpe:2.3:a:emc:rsa_bsafe-c_toolkits
CVSS
Base: 5.0 (as of 19-06-2014 - 12:26)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
refmap via4
misc
Last major update 19-06-2014 - 12:26
Published 17-06-2014 - 11:55
Back to Top