Weak Random Number Generators in SecureW2 3.0 TLS Implementation: A Vulnerability

CVE-2005-3087 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data.

Learn more about our Web Application Penetration Testing UK.