PT-2014-3402 · Openssl+1 · Openssl+1

Alexander Dymo

Published

2014-04-29

Updated

2014-04-30

CVE-2013-7373

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Android versions prior to 4.4

Description The issue arises from the improper seeding of the OpenSSL PRNG in Android, making it easier for attackers to defeat cryptographic protection mechanisms. This is particularly concerning when the PRNG is used within multiple applications.

Recommendations For Android versions prior to 4.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-7373

Affected Products

Android

Openssl

PT-2014-3402 · Openssl+1 · Openssl+1

CVE-2013-7373

Weakness Enumeration

Related Identifiers

Affected Products

References · 6