Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Harmony 加密问题漏洞
Vulnerability Description
Apache Harmony是美国阿帕奇(Apache)软件基金会的一个开源项目,是自由JAVA实现计划(Free Java implementations)的一部份,它的目标是以开源的方式实现JAVA SDK。 Android 4.3.1及之前版本的Java Cryptography Architecture (JCA)中使用的Apache Harmony 6.0M3及之前版本的SecureRandom实现过程中的classlib/modules/security/src/main/java/commo
CVSS Information
N/A
Vulnerability Type
N/A