Description
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://eprint.iacr.org/2007/419.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26495
Various Sources x_refsource_misc
http://www.computerworld.com.au/index.php/id%3B1165210682%3Bfp%3B2%3Bfpid%3B1
Scores
EPSS
0.0473
EPSS Percentile
90.8%
Details
CWE
CWE-200
Status
published
Products (1)
microsoft/windows_2000
Published
Nov 20, 2007
Tracked Since
Feb 18, 2026