The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-29T20:00:00Z
Updated: 2024-09-17T02:33:10.764Z
Reserved: 2014-04-29T00:00:00Z
Link: CVE-2013-7372
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-04-29T20:55:08.933
Modified: 2024-11-21T02:00:51.893
Link: CVE-2013-7372
Redhat
No data.