Environment
Reflection PKI Services Manager
Situation
RSA strongly recommends that customers discontinue use of the default Dual EC DRBG (deterministic random bit generator) and move to a different DRBG.
Resolution
We recommend that you upgrade PKI Services Manager to the latest version. Maintained customers can download the latest version from the Downloads website.
- Reflection PKI Services Manager 1.3 SP2 is not affected by this vulnerability because RSA's Crypto-J library has been replaced with a new cryptographic module.
- Reflection PKI Services Manager 1.2 SP2 and 1.3 install version 6.1 of RSA's Crypto-J library, which is subject to this issue. This issue is resolved in Reflection PKI Services Manager 1.3 Service Pack 1 (1.3.1.139).
- Reflection PKI Services Manager 1.2 SP1 and earlier are not subject to this vulnerability.
Status
Security Alert
Additional Information
If you have installed and configured your own Java JVM or JDK, the java.security file will be located in the %JAVA_HOME%/jre/lib folder of your install.
To change the default RSA pseudo-random number generator (PRNG) used, you can add the following line to the java.security file:
com.rsa.crypto.default.random=HMACDRBG256
For more information about this alert, see http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf.
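To confirm the change took effect, the following added example (not part of the original article or the product) reads the text of a java.security file and reports the effective value of the property above. The parsing is a simplified, assumed reading of Java properties syntax (comments, `=` or `:` separators, last entry wins), and the sample file contents are constructed.

```python
import re
import sys

PROP = "com.rsa.crypto.default.random"   # property name from the article
RECOMMENDED = "HMACDRBG256"              # value from the article

def effective_value(text, key=PROP):
    """Return the last uncommented value set for key, or None if absent."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()       # a later entry overrides an earlier one
    return value

def audit(text):
    """Classify the file: OK, NOT SET (library default applies), or UNEXPECTED."""
    v = effective_value(text)
    if v is None:
        return "NOT SET"
    return "OK" if v == RECOMMENDED else "UNEXPECTED: " + v

# Constructed sample contents, not taken from a real installation.
SAMPLE_COMMENTED = "securerandom.source=file:/dev/random\n#com.rsa.crypto.default.random=HMACDRBG256\n"
SAMPLE_SET = "securerandom.source=file:/dev/random\ncom.rsa.crypto.default.random = HMACDRBG256 \n"
SAMPLE_OVERRIDDEN = SAMPLE_SET + "com.rsa.crypto.default.random=PLACEHOLDER_OTHER\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:                    # path to a java.security file
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(audit(fh.read()))
    else:
        for name in ("SAMPLE_COMMENTED", "SAMPLE_SET", "SAMPLE_OVERRIDDEN"):
            print(name, "->", audit(globals()[name]))
```

A result of NOT SET means the line is missing or commented out, so the library's default generator is still in use.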