cve/2008/CVE-2008-0166.md

### [CVE-2008-0166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

### POC

#### Reference
- https://www.exploit-db.com/exploits/5622
- https://www.exploit-db.com/exploits/5632
- https://www.exploit-db.com/exploits/5720

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVE-2008-0166/dwk_blocklists
- https://github.com/CVE-2008-0166/dwklint
- https://github.com/CVE-2008-0166/key_generator
- https://github.com/CVE-2008-0166/openssl_blocklists
- https://github.com/CVE-2008-0166/private_keys
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/D4-project/snake-oil-crypto
- https://github.com/DFKTYNBY967/-
- https://github.com/RanadheerDanda/debian-ssh
- https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API
- https://github.com/avarx/vulnkeys
- https://github.com/b4el7d/KlimAutoRoot
- https://github.com/badkeys/debianopenssl
- https://github.com/brimstone/stars
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/demining/Chinese-version-of-Bitcoin-blockchain-cryptanalysis
- https://github.com/demining/CryptoDeepTools
- https://github.com/demining/Japanese-version-of-Bitcoin-blockchain-cryptanalysis
- https://github.com/demining/Korean-version-of-Bitcoin-blockchain-cryptanalysis
- https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166
- https://github.com/g0tmi1k/debian-ssh
- https://github.com/google/paranoid_crypto
- https://github.com/hackerhouse-opensource/exploits
- https://github.com/hackerschoice/thc-btc-rng-bruteforce
- https://github.com/hdyfha/crypto
- https://github.com/hoefling/dsa-1571
- https://github.com/huzhifeng/dailybox
- https://github.com/islanddog/htb_oscp_notes
- https://github.com/jessexe/Crypto
- https://github.com/kherrick/hacker-news
- https://github.com/kherrick/lobsters
- https://github.com/manyunya/CryptoDeepTools
- https://github.com/nitishbadole/oscp-note-2
- https://github.com/olivexo28/potential-octo-waddle
- https://github.com/pixel-wipe/CryptoDeepTools
- https://github.com/rmsbpro/rmsbpro
- https://github.com/shn3rd/OpenSSL-PRNG
- https://github.com/snowdroppe/ssh-keybrute
- https://github.com/zhaoolee/garss
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2008-0166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-db.com/exploits/5622`
			`- https://www.exploit-db.com/exploits/5632`
			`- https://www.exploit-db.com/exploits/5720`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/CVE-2008-0166/dwk_blocklists`
			`- https://github.com/CVE-2008-0166/dwklint`
			`- https://github.com/CVE-2008-0166/key_generator`
			`- https://github.com/CVE-2008-0166/openssl_blocklists`
			`- https://github.com/CVE-2008-0166/private_keys`
			`- https://github.com/CVEDB/PoC-List`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/D4-project/snake-oil-crypto`
			`- https://github.com/DFKTYNBY967/-`
			`- https://github.com/RanadheerDanda/debian-ssh`
			`- https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API`
			`- https://github.com/avarx/vulnkeys`
			`- https://github.com/b4el7d/KlimAutoRoot`
			`- https://github.com/badkeys/debianopenssl`
			`- https://github.com/brimstone/stars`
			`- https://github.com/chnzzh/OpenSSL-CVE-lib`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/demining/Chinese-version-of-Bitcoin-blockchain-cryptanalysis`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/demining/CryptoDeepTools`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/demining/Japanese-version-of-Bitcoin-blockchain-cryptanalysis`
			`- https://github.com/demining/Korean-version-of-Bitcoin-blockchain-cryptanalysis`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166`
			`- https://github.com/g0tmi1k/debian-ssh`
			`- https://github.com/google/paranoid_crypto`
			`- https://github.com/hackerhouse-opensource/exploits`
			`- https://github.com/hackerschoice/thc-btc-rng-bruteforce`
			`- https://github.com/hdyfha/crypto`
			`- https://github.com/hoefling/dsa-1571`
			`- https://github.com/huzhifeng/dailybox`
			`- https://github.com/islanddog/htb_oscp_notes`
			`- https://github.com/jessexe/Crypto`
			`- https://github.com/kherrick/hacker-news`
			`- https://github.com/kherrick/lobsters`
			`- https://github.com/manyunya/CryptoDeepTools`
			`- https://github.com/nitishbadole/oscp-note-2`
			`- https://github.com/olivexo28/potential-octo-waddle`
			`- https://github.com/pixel-wipe/CryptoDeepTools`
			`- https://github.com/rmsbpro/rmsbpro`
			`- https://github.com/shn3rd/OpenSSL-PRNG`
			`- https://github.com/snowdroppe/ssh-keybrute`
			`- https://github.com/zhaoolee/garss`