{
  "schema_version": "1.4.0",
  "id": "GHSA-whq3-8f4v-48fj",
  "modified": "2025-04-12T12:34:53Z",
  "published": "2022-05-17T04:41:49Z",
  "aliases": [
    "CVE-2013-6078"
  ],
  "details": "The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified \"security concerns,\" aka the ESA-2013-068 issue.  NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6078"
    },
    {
      "type": "WEB",
      "url": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers"
    },
    {
      "type": "WEB",
      "url": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html"
    },
    {
      "type": "WEB",
      "url": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655"
    },
    {
      "type": "WEB",
      "url": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-17T15:55:00Z"
  }
}