Vulnerabilities > CVE-2008-5659 - Cryptographic Issues vulnerability in GNU Classpath
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Exploit-Db
description GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (2). CVE-2008-5659. Remote exploits for multiple platform id EDB-ID:32674 last seen 2016-02-03 modified 2008-12-05 published 2008-12-05 reporter Jack Lloyd source https://www.exploit-db.com/download/32674/ title GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness 2 description GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (1). CVE-2008-5659. Remote exploits for multiple platform id EDB-ID:32673 last seen 2016-02-03 modified 2008-12-05 published 2008-12-05 reporter Jack Lloyd source https://www.exploit-db.com/download/32673/ title GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness 1