| Vulnerability Name: | CVE-2007-6043 (CCN-38850) | ||||||||
| Assigned: | 2007-11-13 | ||||||||
| Published: | 2007-11-13 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N) 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:UR)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-6043 Source: MISC Type: UNKNOWN http://eprint.iacr.org/2007/419.pdf Source: CCN Type: Computerworld News, 13/11/2007 11:30:34 Security loophole in Windows 2000 exposes users' private info Source: MISC Type: UNKNOWN http://www.computerworld.com.au/index.php/id;1165210682;fp;2;fpid;1 Source: CCN Type: Microsoft Corporation Web site Microsoft Windows Source: BID Type: UNKNOWN 26495 Source: CCN Type: BID-26495 Microsoft Windows Insecure Random Number Generator Information Disclosure Weakness Source: XF Type: UNKNOWN win-cryptgenrandom-information-disclosure(38850) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||