OpenSSL CVE-2015-0285 Insufficient Entropy Security Weakness

OpenSSL is prone to a security weakness.

An attacker can exploit this issue to guess the generated key that can aid in further attacks.

OpenSSL versions prior to 1.0.2a are vulnerable.

Note: This issue was previously discussed in BID 73196 (OpenSSL Multiple UnspecifiedSecurity Vulnerabilities) but has been given its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus