QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5659

Published: Dec 17, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

classpath-gnujavasecurityutil-weak-security(47574)

vdb-entry

x_refsource_XF

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417

x_refsource_CONFIRM

[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.