mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
1.5 KiB
1.5 KiB
CVE-2007-6755
Description
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
POC
Reference
- http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
- https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/Live-Hack-CVE/CVE-2007-6755
- https://github.com/PajakAlexandre/wik-dps-tp02
- https://github.com/cdupuis/image-api
- https://github.com/fokypoky/places-list
- https://github.com/garethr/findcve
- https://github.com/garethr/snykout
- https://github.com/gatecheckdev/gatecheck
- https://github.com/jasona7/ChatCVE
- https://github.com/joelckwong/anchore
- https://github.com/valancej/anchore-five-minutes