SA76 : Response to Dual Elliptic Curve DRBG vulnerabilities

1284

03 March 2020

03 February 2014

CLOSED

LOW

CVSS v2: 5.8

SUMMARY

The output of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) may be predictable. If the output is predictable, an attacker can use that property to guess the sequence of pseudorandom values generated by Dual_EC_DRBG. In a worst-case scenario, an attacker could decrypt confidential data, modify signed data, or pose as another entity.

AFFECTED PRODUCTS

No Blue Coat products are vulnerable.

ISSUES

CVE-2007-6755 – CVSS v2 base score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Dual_EC_DRBG is a NIST standard and is provided in many cryptographic libraries, including RSA’s BSAFE. NIST has published the following statement: “NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.”

Blue Coat products do not use Dual_EC_DRBG or BSAFE. Products that provide a “FIPS mode” of operation do not use Dual_EC_DRBG or BSAFE, whether that mode is enabled or disabled.

REVISION

2014-02-05 Clarification about FIPS mode
2014-02-03 Initial public release