Predictable Random Number Generation Vulnerability in IBM SDK Java Technology Edition

Predictable Random Number Generation Vulnerability in IBM SDK Java Technology Edition

CVE-2014-0878 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

Learn more about our Cis Benchmark Audit For Ibm I.