| Vulnerability Name: | CVE-2000-0445 (CCN-4570) | ||||||||
| Assigned: | 2000-05-24 | ||||||||
| Published: | 2000-05-24 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20000523 Key Generation Security Flaw in PGP 5.0 Source: CCN Type: BugTraq Mailing List, Tue May 23 2000 - 16:13:23 CDT Key Generation Security Flaw in PGP 5.0 Source: MITRE Type: CNA CVE-2000-0445 Source: CCN Type: CERT Advisory CA-2000-09 Flaw in PGP 5.0 Key Generation Source: CERT Type: US Government Resource CA-2000-09 Source: CCN Type: US-CERT VU#26188 Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random Source: CCN Type: Network Associates, Inc.Software Upgrades Licensed User Product Upgrade Source: OSVDB Type: UNKNOWN 1355 Source: CCN Type: OSVDB ID: 1355 PGP Predictable Key Generation Source: BID Type: UNKNOWN 1251 Source: CCN Type: BID-1251 Multiple Vendor PGP5 Automatic Key Generation Routine Vulnerability Source: XF Type: UNKNOWN pgp-key-predictable(4570) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||