CVE-2007-5502
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
01/12/2007
Last modified:
09/04/2025
Description
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openssl:fips_object_module:1.1.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/27859
- http://www.kb.cert.org/vuls/id/150249
- http://www.openssl.org/news/secadv_20071129.txt
- http://www.securityfocus.com/bid/26652
- http://www.securitytracker.com/id?1019029=
- http://www.vupen.com/english/advisories/2007/4044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38796
- http://secunia.com/advisories/27859
- http://www.kb.cert.org/vuls/id/150249
- http://www.openssl.org/news/secadv_20071129.txt
- http://www.securityfocus.com/bid/26652
- http://www.securitytracker.com/id?1019029=
- http://www.vupen.com/english/advisories/2007/4044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38796