Vulnerability in EMC RSA BSAFE-C Toolkits Affects TLS Session Security
CVE-2014-4192
Currently unrated
Summary
The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits mishandles requests for output bytes: it processes each request based solely on the requested byte count and fails to account for bytes that are already cached. Remote attackers may exploit this oversight to recover the algorithm's inner state, potentially allowing them to decrypt TLS session data and compromise data integrity.