Description
The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68191
Various Sources x_refsource_misc
http://dualec.org/DualECTLS.pdf
Various Sources x_refsource_misc
http://dualec.org/
Scores
EPSS
0.0025
EPSS Percentile
48.2%
Details
CWE
CWE-310
Status
published
Products (1)
dell/bsafe_share
Published
Jun 17, 2014
Tracked Since
Feb 18, 2026