In Debian Security Advisory 1571, also known as CVE-2008-0166 (New openssl packages fix predictable random number generator), the Debian Security Team disclosed a vulnerability in the openssl package that makes many cryptographic keys that are used for authentication (e.g. web server certificates) potentially vulnerable.

- weak keys for both clients and servers (see section "Identifying Weak Keys" below)
- all key types that were generated using openssl (this includes RSA and DSA keys)
- compromise of other keys or passwords that were transmitted over an encrypted link that was set up using weak keys

Note that this last point means that passwords transmitted over SSH to a server with a weak DSA server key could be compromised too; see the Debian project's reaction to this.
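
A defender's audit for weak client keys of the affected RSA and DSA types, as an added example that is not part of the original page or of any Debian tool: it scans authorized_keys-style lines and reports keys whose blob digest appears on a blocklist of known-weak keys. The blocklist format (SHA-256 hex digests of the decoded key blob), the function names and all sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

AFFECTED_TYPES = ("ssh-rsa", "ssh-dss")  # RSA and DSA, as named in the text

def decode_blob(key_type, blob_b64):
    """Decode a base64 key blob; return it only if it embeds key_type."""
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # An SSH public-key blob starts with a length-prefixed type name.
    prefix = struct.pack(">I", len(key_type)) + key_type.encode()
    ok = key_type in AFFECTED_TYPES and blob.startswith(prefix)
    return blob if ok else None

def find_weak_keys(lines, blocklist):
    """Return (line_no, key_type, comment) for each blocklisted key."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so try every position.
        for i, field in enumerate(fields[:-1]):
            blob = decode_blob(field, fields[i + 1])
            if blob is None:
                continue
            if hashlib.sha256(blob).hexdigest() in blocklist:
                hits.append((line_no, field, " ".join(fields[i + 2:])))
            break
    return hits

def sample_key(key_type, filler):
    """Constructed (not real) key: type prefix plus filler bytes."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + filler
    return blob, key_type + " " + base64.b64encode(blob).decode()

# Constructed sample data; the blocklist holds SHA-256 digests of key blobs.
WEAK_BLOB, WEAK_KEY = sample_key("ssh-rsa", b"\x01" * 32)
GOOD_KEY = sample_key("ssh-dss", b"\x02" * 32)[1]
SAMPLE_BLOCKLIST = {hashlib.sha256(WEAK_BLOB).hexdigest()}
SAMPLE_FILE = [
    "# constructed authorized_keys file",
    'command="echo ssh-rsa ok" ' + WEAK_KEY + " alice@old-laptop",
    GOOD_KEY + " bob@workstation",
    "ssh-rsa not-base64!! carol@broken",
]
```

Calling `find_weak_keys(SAMPLE_FILE, SAMPLE_BLOCKLIST)` flags only line 2, even though the option string on that line contains the text `ssh-rsa` before the real key.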