1. CVE-Search
  2. CVE-2013-6078
ID CVE-2013-6078
Summary The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change. As with CVE-2007-6755 this vulnerability has been scored with the assumption the relationship between P and Q is known to the attacker. Please see CVE-2007-6755 [link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6755] more information.
References
Vulnerable Configurations
  • cpe:2.3:a:emc:rsa_bsafe_toolkits:-:*:*:*:*:*:*:*
    cpe:2.3:a:emc:rsa_bsafe_toolkits:-:*:*:*:*:*:*:*
  • cpe:2.3:a:emc:rsa_data_protection_manager:20130918:*:*:*:*:*:*:*
    cpe:2.3:a:emc:rsa_data_protection_manager:20130918:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 19-06-2014 - 16:10)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
confirm http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
misc
Last major update 19-06-2014 - 16:10
Published 17-06-2014 - 15:55
Last modified 19-06-2014 - 16:10
Back to Top