The 2008 Pwnie Nominee For Mass 0wnage

Debian’s random number generator with 15 bits of entropy (CVE-2008-0166)

Discovered by: Luciano Bello

The crippled OpenSSL random number generator in Debian led to numerous weak SSL and SSH keys, allowing attackers to break RSA encryption on an unprecedented scale. Since the flaw was announced, Luciano Bello, Maximiliano Bertacchini, and Paolo Abeni have released a patch to Wireshark that decrypts SSL sessions (bypassing PFS) that involve one of the weak keys.
