SA76 : Response to Dual Elliptic Curve DRBG vulnerabilities
1284
03 March 2020
03 February 2014
CLOSED
LOW
CVSS v2: 5.8
SUMMARY
The output of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) may be predictable. If the output is predictable, an attacker can use that property to guess the sequence of pseudorandom values generated using Dual_EC_DRBG. In a worst-case scenario, an attacker could decrypt confidential data, modify signed data, or impersonate another entity.
AFFECTED PRODUCTS
No Blue Coat products are vulnerable.
ISSUES
CVE-2007-6755 – CVSS v2 base score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Dual_EC_DRBG is a NIST standard and is provided in many cryptographic libraries, including RSA’s BSAFE. NIST has published the following statement: “NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.”
Blue Coat products do not use Dual_EC_DRBG or BSAFE. Products that provide a “FIPS mode” of operation do not use Dual_EC_DRBG or BSAFE regardless of whether that mode is enabled or disabled.
REFERENCES
CVE-2007-6755 - https://nvd.nist.gov/vuln/detail/CVE-2007-6755
CERT VU#274923 - http://www.kb.cert.org/vuls/id/274923
NIST Supplemental Bulletin - https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/itlbul2013-09-supplemental.pdf
Comments received by NIST on SP 800-90 A Rev 1, B and C - https://csrc.nist.gov/csrc/media/publications/sp/800-90a/rev-1/final/documents/draft_sp800_90a_comments_received.pdf
REVISION
2014-02-05 Clarification about FIPS mode
2014-02-03 Initial public release