OpenSSL PRNG Internal State Disclosure Vulnerability

The randomness pool and associated mixing function used by the OpenSSL PRNG (pseudo-random number generator) suffer from a flaw that could enable an attacker to reconstruct the generator's internal state.

The flaw exists because each quantum of generator output is derived from a hash computed over the same portion of secret internal state data that the hash took as input. In general, this means the state data can no longer be considered secret. Because the number of PRNG output bytes a caller requests can be as low as one, the number of possible cases is small enough to be analysed by brute force.

If an attacker is able to gain knowledge of the generator's state, it may be possible for that attacker to predict future results.
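The following toy model, added here as an illustration and not OpenSSL's code, isolates the structural property the two paragraphs above describe: an output block that is derived from a hash over only the slice of state the request consumes is tied to that slice, so a one-byte request leaves at most 256 cases to enumerate, whereas a generator whose every output block is a hash over the whole secret state plus a counter gives no such foothold. The hash (SHA-256), the 16-byte state, the slice-replacement rule and all function names are assumptions of the toy; the real generator used MD5 and a larger mixing structure that this model does not reproduce.

```python
"""Toy model of the output/state coupling the advisory describes.

Added illustration, not OpenSSL's implementation.  It keeps only the property
at issue: in the flawed structure each output block is a hash over just the
state slice the request consumes, so a one-byte request ties the output to a
single byte of state.  The hardened structure hashes the whole state instead.
"""
import hashlib

STATE_LEN = 16  # constructed toy state size, not an OpenSSL parameter


def _h(data: bytes) -> bytes:
    """Toy mixing hash (assumed; the original generator was MD5-based)."""
    return hashlib.sha256(data).digest()


def flawed_bytes(state: bytes, idx: int, n: int) -> tuple[bytes, bytes]:
    """Flawed structure: an n-byte request depends only on n bytes of state.

    Returns (output, new_state).  The consumed slice is overwritten with more
    of the same digest, so output and refreshed state both derive from that
    one slice and nothing else.
    """
    if idx < 0 or idx + n > len(state):
        raise ValueError("request runs past the end of the toy state")
    digest = _h(state[idx:idx + n])
    out = digest[:n]
    new_state = state[:idx] + digest[n:2 * n] + state[idx + n:]
    return out, new_state


def sound_bytes(state: bytes, counter: int, n: int) -> tuple[bytes, int]:
    """Hardened structure: every output block is a hash over the whole secret
    state plus a counter, so no output of any length is a function of a small
    slice of state.  Returns (output, next_counter)."""
    digest = _h(state + counter.to_bytes(8, "big"))
    return digest[:n], counter + 1


def consistent_slices(out: bytes) -> list[bytes]:
    """Enumerate every one-byte state slice that would have produced `out`
    under flawed_bytes: at most 256 hash evaluations, which is the brute-force
    analysis of all possible cases the advisory refers to."""
    if len(out) != 1:
        raise ValueError("toy enumerates one-byte slices only (2^(8n) cases otherwise)")
    return [bytes([v]) for v in range(256) if _h(bytes([v]))[:1] == out]


def demo() -> dict:
    """Run the comparison on a constructed state and report the findings."""
    state = bytes(range(1, STATE_LEN + 1))  # constructed secret state
    out, _ = flawed_bytes(state, 0, 1)
    cands = consistent_slices(out)

    # A state that agrees with `state` only in byte 0 yields the same output:
    # the rest of the secret state never influences a one-byte request.
    other = bytes([state[0]]) + bytes(STATE_LEN - 1)
    same_output = flawed_bytes(other, 0, 1)[0] == out

    # The hardened structure mixes the whole state; an 8-byte request is used
    # here so a chance 1-in-256 single-byte collision cannot muddy the result.
    sound_a, _ = sound_bytes(state, 0, 8)
    sound_b, _ = sound_bytes(other, 0, 8)

    return {
        "candidates": cands,
        "true_slice_in_candidates": state[:1] in cands,
        "flawed_output_ignores_rest_of_state": same_output,
        "sound_outputs_differ": sound_a != sound_b,
    }


if __name__ == "__main__":
    print(demo())
```

The design check this encodes is the one a reviewer would apply to any generator: every output block must be a function of enough secret state that enumerating the candidates is infeasible, regardless of how few bytes the caller asks for.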

The impact of this vulnerability depends on the nature of the target application or protocol. Exploitation requires that output be retrieved from the OpenSSL PRNG in a pattern that allows the attack, which is relatively unlikely in practice.

No vulnerable applications are currently known.

Copyright 2010, SecurityFocus