CVE-2007-5502
OpenSSL FIPS Object Module 1.1.1 - Predictable Random Data Generation
Title source: llmDescription
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4044
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26652
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019029
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20071129.txt
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27859
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38796
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/150249
Scores
EPSS
0.0038
EPSS Percentile
59.7%
Details
CWE
CWE-310
Status
published
Products (1)
openssl/fips_object_module
1.1.1
Published
Dec 01, 2007
Tracked Since
Feb 18, 2026