Insecure Random Number Generation in Tor with OpenSSL 1.x and HardwareAccel on Intel Sandy Bridge and Ivy Bridge Platforms
CVE-2013-7295 · MEDIUM Severity
AV:N/AC:H/AU:N/C:P/I:P/A:N
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
Learn more about our Web Application Penetration Testing UK.