CVE-2007-6043

Microsoft Windows 2000 - Predictable Cryptography

Title source: llm
STIX 2.1

Description

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.

References (3)

Core 3
Core References
Various Sources x_refsource_misc
http://eprint.iacr.org/2007/419.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26495

Scores

EPSS 0.0473
EPSS Percentile 90.8%

Details

CWE
CWE-200
Status published
Products (1)
microsoft/windows_2000
Published Nov 20, 2007
Tracked Since Feb 18, 2026