- Vulnerability Information

96174
Android OpenSSL PRNG Improper Initialization Cryptographically Weak Values Generation
Context Dependent, Mobile Phone / Hand-held Device Cryptographic
Loss of Confidentiality Upgrade
Exploit Private Vendor Verified, Coordinated Disclosure, Discovered in the Wild

- Vulnerability Description

Android contains a flaw related to improper initialization of the underlying OpenSSL PRNG. It is triggered when an application uses, for example, the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation. This may result in values that are not cryptographically strong being generated, which an attacker could exploit with an impact that depends on the affected application (e.g. compromise of a user's Bitcoin wallet).

- Timeline

2013-08-11 Unknown
Unknown Unknown

- Solution

The vendor has released a patch to OHA partners, addressing this vulnerability by ensuring the Android OpenSSL PRNG is initialized correctly. Upgrade to version 3.15 for Bitcoin Wallet, version 0.7.0 for Mycelium Bitcoin Wallet, version 0.8.3b for BitcoinSpinner, and version 3.54 for Blockchain, or higher, to address this vulnerability.

- References

- Vulnerability Author

Unknown or Incomplete
 

 
