Bug 1202410 (CVE-2015-0285) - CVE-2015-0285 openssl: handshake with unseeded PRNG
Summary: CVE-2015-0285 openssl: handshake with unseeded PRNG
Alias: CVE-2015-0285
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Blocks: 1202442
Reported: 2015-03-16 14:48 UTC by Martin Prpič
Modified: 2023-05-12 08:14 UTC (History)

Fixed In Version: openssl 1.0.2a
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-03-18 03:38:40 UTC


Description Martin Prpič 2015-03-16 14:48:46 UTC
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are:

- The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually

- A protocol specific client method version has been used (i.e. not SSL_client_methodv23)

- A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).

If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.

For example using the following command with an unseeded openssl will succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

This issue affects OpenSSL version 1.0.2, and is fixed in version 1.0.2a.

Upstream patch:

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Matt Caswell of the OpenSSL development team as the original reporter.
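A defensive pre-handshake check for the condition described above, written as an added example in Python against the standard ssl module; it is not part of this bug report or of OpenSSL's own code, and the function names and the choice of 32 seed bytes are assumptions:

```python
import os
import ssl

# Version the report describes as affected: OpenSSL 1.0.2 with no patch
# letter. 1.0.2a and later carry the fix.
AFFECTED_VERSION = (1, 0, 2, 0)


def is_affected_version(version_info=ssl.OPENSSL_VERSION_INFO):
    """Return True if the linked OpenSSL is exactly 1.0.2 (unpatched).

    ssl.OPENSSL_VERSION_INFO is (major, minor, fix, patch, status);
    the patch field is 0 for "1.0.2" and 1 for "1.0.2a".
    """
    return tuple(version_info[:4]) == AFFECTED_VERSION


def ensure_prng_seeded(seed_bytes=32):
    """Refuse to proceed to a handshake unless OpenSSL's PRNG reports seeded.

    RAND_status() is the library's own "is the PRNG seeded" indicator. If it
    fails, feed entropy from the OS CSPRNG and re-check; raise if it is still
    unseeded rather than send a ClientHello with a predictable client random.
    """
    if ssl.RAND_status():
        return True
    # os.urandom is the OS CSPRNG; credit one bit of entropy per bit added.
    ssl.RAND_add(os.urandom(seed_bytes), float(seed_bytes * 8))
    if not ssl.RAND_status():
        raise RuntimeError("OpenSSL PRNG is not seeded; refusing TLS handshake")
    return True


def make_client_context():
    """Build a client context only after the version and PRNG checks pass."""
    if is_affected_version():
        raise RuntimeError(
            "%s is affected by CVE-2015-0285; upgrade to 1.0.2a or later"
            % ssl.OPENSSL_VERSION)
    ensure_prng_seeded()
    # Hypothetical application policy: default verification, TLS client side.
    return ssl.create_default_context()
```

On a platform where the OS seeds the PRNG automatically, `ensure_prng_seeded()` returns True immediately; the guard only does work on the unseeded platforms the report describes.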

Comment 1 Huzaifa S. Sidhpurwala 2015-03-18 03:37:59 UTC

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.
