PT-2008-6712 · Gnu · Gnu Classpath
Florian Weimer · Published 2008-12-17 · Updated 2017-08-08 · CVE-2008-5659
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GNU Classpath versions 0.97.2 and earlier
Description
The issue concerns the gnu.java.security.util.PRNG class, which uses a predictable seed based on the system time. This predictability makes it easier for attackers to conduct brute force attacks against cryptographic routines that utilize this class for randomness. An example of such an attack is against DSA private keys.
Recommendations
For GNU Classpath versions 0.97.2 and earlier, consider updating to a version that uses a more secure method for generating random numbers, as the current implementation poses a significant risk to the security of cryptographic operations.
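The weakness described above, shown as an added example that is not GNU Classpath code: `java.util.Random` stands in for a clock-seeded generator (an assumption, as are the class name `TimeSeedDemo` and the sample timestamp), next to `java.security.SecureRandom` as the corrected form.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class TimeSeedDemo {
    // Stand-in for a clock-seeded generator (assumption: java.util.Random,
    // not the gnu.java.security.util.PRNG implementation).
    static byte[] clockSeeded(long seedMillis, int n) {
        byte[] out = new byte[n];
        new Random(seedMillis).nextBytes(out);
        return out;
    }

    // Upper bound on seed entropy, in bits, when the seed is a millisecond
    // timestamp known to fall inside a window of the given length.
    static double seedEntropyBits(long windowMillis) {
        return Math.log((double) windowMillis) / Math.log(2.0);
    }

    public static void main(String[] args) {
        long seed = 1229472000000L; // constructed sample: 2008-12-17T00:00:00Z in ms

        // Same clock value in, same "secret" bytes out: the output carries
        // no more entropy than the timestamp that seeded the generator.
        byte[] a = clockSeeded(seed, 20);
        byte[] b = clockSeeded(seed, 20);
        System.out.println("clock-seeded outputs equal: " + Arrays.equals(a, b));

        // A 20-byte secret is expected to carry 160 bits of entropy; a seed
        // drawn from a one-day window of millisecond timestamps caps it far lower.
        long oneDay = 24L * 60 * 60 * 1000;
        System.out.printf("seed entropy, 1-day window: %.1f bits (of 160 wanted)%n",
                seedEntropyBits(oneDay));

        // Corrected form: SecureRandom seeds itself from the platform's
        // entropy source, so independent instances do not repeat each other.
        byte[] c = new byte[20];
        byte[] d = new byte[20];
        new SecureRandom().nextBytes(c);
        new SecureRandom().nextBytes(d);
        System.out.println("SecureRandom outputs equal: " + Arrays.equals(c, d));
    }
}
```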
Affected Products
Gnu Classpath