Predictable Random Number Generation in IBM SDK Java Technology Edition
CVE-2014-0878

Currently unrated

Key Information:

Vendor: IBM
Status: Java Sdk
Vendor: CVE Published:; 26 May 2014

Summary

The IBMSecureRandom component within the IBM JCE and IBMSecureRandom cryptographic providers allows context-dependent attackers to circumvent cryptographic protections. This occurs due to the predictability of the random number generator's output in specific versions of the IBM SDK Java Technology Edition, potentially exposing sensitive data and facilitating various attacks.

References

http://secunia.com/advisories/59022

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21680750

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21679610

x_refsource_CONFIRM

Timeline

Vulnerability published
May 26, 2014
Vulnerability Reserved
Jan 6, 2014