Multiple Innominate mGuard products contain a flaw related to an insufficient use of entropy in the generation of keys for HTTPS and SSH. This may allow an attacker to calculate the value of private keys, allowing them to sniff traffic or possibly inject commands to be executed on the remote system via a man-in-the-middle attack.

Upgrade to version 7.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2012-3006 (see also: NVD)
• Secunia Advisory ID: 49632
• Vendor Specific Advisory URL: http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf
• Other Advisory URL: http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf
  https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs

• Zakir Durumeric - University of Michigan
• Eric Wustrow - University of Michigan
• J. Alex Halderman - University of Michigan
• Nadia Heninger - University of California, San Diego