CVE-2008-0166

EPSS 70.7%

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Affected products

n/a · n/a

public PoCs found — 10

githubgithub.com/g0tmi1k/debian-ssh★ 410 githubgithub.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166★ 9 githubgithub.com/badkeys/debianopenssl★ 7 githubgithub.com/avarx/vulnkeys★ 1 githubgithub.com/Faizan8232403/CVE-Exploit-Research-Development★ 0 githubgithub.com/AhegaoPsyops/sslWeakness★ 0 githubgithub.com/QasimShahbaz21/CVE-Exploit-Research-Development★ 0 cve_referencewww.exploit-db.com/exploits/5622unverified cve_referencewww.exploit-db.com/exploits/5720unverified cve_referencewww.exploit-db.com/exploits/5632unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://metasploit.com/users/hdm/tools/debian-openssl/https://16years.secvuln.info http://secunia.com/advisories/30136 http://secunia.com/advisories/30220 http://secunia.com/advisories/30221 http://secunia.com/advisories/30231 http://secunia.com/advisories/30239 http://secunia.com/advisories/30249 https://exchange.xforce.ibmcloud.com/vulnerabilities/42375 https://news.ycombinator.com/item?id=40333169 http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel https://www.exploit-db.com/exploits/5622