cve/2007/CVE-2007-6755.md

### [CVE-2007-6755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values.  NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

### POC

#### Reference
- http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
- https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/Live-Hack-CVE/CVE-2007-6755
- https://github.com/PajakAlexandre/wik-dps-tp02
- https://github.com/cdupuis/image-api
- https://github.com/fokypoky/places-list
- https://github.com/garethr/findcve
- https://github.com/garethr/snykout
- https://github.com/gatecheckdev/gatecheck
- https://github.com/jasona7/ChatCVE
- https://github.com/joelckwong/anchore
- https://github.com/valancej/anchore-five-minutes