Search for vulnerabilities
Vulnerability details: VCID-pquf-jxju-aaap
Vulnerability ID VCID-pquf-jxju-aaap
Aliases CVE-2007-6755
Summary The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
System Score Found at
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.0043 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00453 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00453 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00453 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00453 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00614 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
epss 0.00636 https://api.first.org/data/v1/epss?cve=CVE-2007-6755
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1046045
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2007-6755
Reference id Reference type URL
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6755.json
https://api.first.org/data/v1/epss?cve=CVE-2007-6755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
http://www.securityfocus.com/bid/63657
1046045 https://bugzilla.redhat.com/show_bug.cgi?id=1046045
cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_crypto-j:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dell:bsafe_crypto-j:5.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:bsafe_crypto-j:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dell:bsafe_crypto-j:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:*:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me:3.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me_mfp_psos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me_mfp_psos:*:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me_mfp_psos:3.0.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me_mfp_psos:3.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-c_me_mfp_vxworks:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-c_me_mfp_vxworks:*:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-j_jsafe_and_jce:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-j_jsafe_and_jce:*:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-j_jsafe_and_jce:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-j_jsafe_and_jce:5.0:*:*:*:*:*:*:*
cpe:2.3:a:rsa:bsafe_crypto-j_jsafe_and_jce:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsa:bsafe_crypto-j_jsafe_and_jce:5.0.1:*:*:*:*:*:*:*
CVE-2007-6755 https://nvd.nist.gov/vuln/detail/CVE-2007-6755
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-6755
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.57518
EPSS Score 0.00395
Published At April 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.