Vulnerabilities > CVE-2011-4574 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Polarssl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 15 |