CVE-2013-7373
N/A
N/A
Summary
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://marc.info/?l=openssl-dev&m=130298304903422&w=2
- http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
- http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html
- http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5
- http://marc.info/?l=openssl-dev&m=130289811108150&w=2
References
- http://marc.info/?l=openssl-dev&m=130298304903422&w=2
- http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
- http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html
- http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5
- http://marc.info/?l=openssl-dev&m=130289811108150&w=2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.