← back
CVE-2008-5659

CVE-2008-5659

EPSS 3.3%
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/32673unverifiedexploitdbwww.exploit-db.com/exploits/32674unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417https://exchange.xforce.ibmcloud.com/vulnerabilities/47574http://www.openwall.com/lists/oss-security/2008/12/06/2