Insecure Random Number Generation in Tor with OpenSSL 1.x and HardwareAccel on Intel Sandy Bridge and Ivy Bridge Platforms

Insecure Random Number Generation in Tor with OpenSSL 1.x and HardwareAccel on Intel Sandy Bridge and Ivy Bridge Platforms

CVE-2013-7295 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:N

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.