this post was submitted on 12 May 2024
21 points (95.7% liked)

Security

5005 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
[email protected]
21
16 years of CVE-2008-0166 - Debian OpenSSL Bug (16years.secvuln.info)
submitted 6 months ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 

Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system called DKIM was introduced. Is it possible that people configured DKIM in 2007, never changed their key, and are still vulnerable to CVE-2008-0166?

https://mastodon.social/@hanno/112427156548148984

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here