CVE-2008-3280

MEDIUM

OpenID - Use of Cryptographically Weak Pseudo-Random Number Generator

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3280. PoCs published by WarCat team.

AI-analyzed exploit summary This exploit leverages the Debian OpenSSL predictable PRNG vulnerability (CVE-2008-3280) to brute-force SSH private keys. It tests multiple keys against a target host to find a valid one for authentication.

Description

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.

Exploits (1)

exploitdb WORKING POC VERIFIED
by WarCat team · pythonremotelinux
https://www.exploit-db.com/exploits/5720

This exploit leverages the Debian OpenSSL predictable PRNG vulnerability (CVE-2008-3280) to brute-force SSH private keys. It tests multiple keys against a target host to find a valid one for authentication.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL (Debian-specific versions affected by CVE-2008-3280)
No auth needed
Prerequisites: Pre-generated weak SSH keys from affected Debian systems · Network access to the target SSH service
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List, Mitigation, Vendor Advisory x_refsource_misc
http://lists.openid.net/pipermail/openid-security/2008-August/000942.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/5720

Scores

CVSS v3 5.9
EPSS 0.0395
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-338
Status published
Products (1)
openid/openid
Published May 21, 2021
Tracked Since Feb 18, 2026