The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Max CVSS
7.5
EPSS Score
0.33%
Published
2008-12-17
Updated
2017-08-08
1 vulnerabilities found