The 2008 Pwnie Winner For Most Epic Fail

Debian for shipping a backdoored OpenSSL library for two years (CVE-2008-0166)

Debian Project

On May 2nd, 2006, Kurt Roeckx commented out two very important lines of code in the OpenSSL pseudo-random number generator (PRNG). The reason? Valgrind and Purify complained about the use of uninitialized data in the function that seeded the PRNG. With these two lines commented out, the randomness of all cryptographic keys generated by the Debian OpenSSL package was reduced to about 15 bits, or fewer than 32,768 unique keys in practice.

Because the PRNG in the OpenSSL library was crippled, not only were all cryptographic keys generated on Debian-based systems suspect, but so were all cryptographic operations performed by these systems. Since the flaw was announced, Luciano Bello, Maximiliano Bertacchini, and Paolo Abeni have released a patch to Wireshark that decrypts SSL sessions (bypassing Perfect Forward Secrecy) that involve one of the weak keys. To date, Kurt Roeckx still hosts vulnerable versions of the OpenSSL library in his personal directory on the Debian servers and has not been stripped of his Debian developer status.
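With only about 15 bits of randomness, every key the generator can produce can be listed ahead of time, which lets a defender audit a key inventory against that list and flag keys that must be regenerated. The sketch below is an added example, not code from the original page, Debian or OpenSSL; `weak_keygen`, its SHA-256 derivation and the host inventory are constructed stand-ins and do not reproduce OpenSSL's PRNG.

```python
import hashlib
import secrets

SEED_BITS = 15  # the page's figure: about 15 bits of randomness


def weak_keygen(seed: int) -> bytes:
    """Toy stand-in (assumption): a key generator whose only input is a small seed."""
    if not 0 <= seed < 2 ** SEED_BITS:
        raise ValueError("seed outside the 15-bit range")
    return hashlib.sha256(b"toy-keygen" + seed.to_bytes(2, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Fingerprint used for comparison, so key material is never stored in the list."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> frozenset:
    """Enumerate the whole 15-bit seed space once and keep every fingerprint."""
    return frozenset(fingerprint(weak_keygen(s)) for s in range(2 ** SEED_BITS))


def audit(inventory: dict, blocklist: frozenset) -> list:
    """Return the sorted names of keys that came from the weak generator."""
    return sorted(n for n, k in inventory.items() if fingerprint(k) in blocklist)


def constructed_inventory() -> dict:
    """Constructed sample data: two weak keys and one properly seeded key."""
    return {
        "host-a": weak_keygen(4242),
        "host-b": secrets.token_bytes(32),  # seeded from the OS CSPRNG
        "host-c": weak_keygen(31999),
    }


if __name__ == "__main__":
    blocklist = build_blocklist()
    print(len(blocklist), "possible keys in total")
    print("regenerate:", audit(constructed_inventory(), blocklist))
```

The key length plays no part in the result: the size of the blocklist is bounded by the seed space alone, which is why a complete list of affected keys is practical to build and check against.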

(CVE-2008-0166)