RSA Security Advisory: ESA-2013-068 Crypto-J Default DRBG May Be Compromised

  • 7022325
  • 14-Nov-2017
  • 14-Nov-2017


Reflection PKI Services Manager


RSA strongly recommends that customers discontinue use of the default Dual EC DRBG (deterministic random bit generator) and move to a different DRBG.


We recommend that you upgrade PKI Services Manager to the latest version. Maintained customers can download the latest version from the Downloads website.
  • Reflection PKI Services Manager 1.3 SP2 is not affected by this vulnerability because RSA's Crypto-J library has been replaced with a new cryptographic module.
  • Reflection PKI Services Manager 1.2 SP2 and 1.3 install version 6.1 of RSA's Crypto-J library, which is subject to this issue. This issue is resolved in Reflection PKI Services Manager 1.3 Service Pack 1 (
  • Reflection PKI Services Manager 1.2 SP1 and earlier are not subject to this vulnerability.


Security Alert

Additional Information

If you have installed and configured your own JVM or JDK, the file is located in the %JAVA_HOME%/jre/lib folder of your installation.

To change the default RSA pseudo-random number generator (PRNG), add the following line to the file:
For more information about this alert, see