Vulnerabilities > CVE-2008-5659 - Cryptographic Issues vulnerability in GNU Classpath

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnu
CWE-310
exploit available
NVD
Published: 2008-12-17
Updated: 2024-11-21

Summary

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

Vulnerable Configurations

Part Description Count
Application
Gnu
25

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

  • descriptionGNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (2). CVE-2008-5659. Remote exploits for multiple platform
    idEDB-ID:32674
    last seen2016-02-03
    modified2008-12-05
    published2008-12-05
    reporterJack Lloyd
    sourcehttps://www.exploit-db.com/download/32674/
    titleGNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness 2
  • descriptionGNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (1). CVE-2008-5659. Remote exploits for multiple platform
    idEDB-ID:32673
    last seen2016-02-03
    modified2008-12-05
    published2008-12-05
    reporterJack Lloyd
    sourcehttps://www.exploit-db.com/download/32673/
    titleGNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness 1

References