Dual Elliptic Curve Deterministic Random Bit Generation Algorithm Flaw in RSA Security Products
CVE-2007-6755

Currently unrated

Key Information:

Vendor

Dell
Status
Bsafe Crypto-c-micro-edition
Bsafe Crypto-j
Vendor
CVE Published:
11 October 2013

What is CVE-2007-6755?

The Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm provided by RSA Security has a known issue with its default point Q constants. These constants may be correlated with 'skeleton key' values, allowing attackers who exploit this relationship to undermine cryptographic protections. This flaw poses serious risks, as it can enable context-dependent attacks that potentially compromise sensitive data and systems relying on this random number generation process.

References

http://blog.cryptographyengineering.com/2013/09/rsa-warns...
x_refsource_MISC
http://stream.wsj.com/story/latest-headlines/SS-2-63399/S...
x_refsource_MISC
https://www.schneier.com/blog/archives/2007/11/the_strang...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.