79 matches found
Design/Logic Flaw
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)...
ALPINE-CVE-2018-0737
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)...
CVE-2018-0737
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)...
UBUNTU-CVE-2018-0737
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)...
CVE-2018-0737
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)...
Libgcrypt Attack Allowed Recovery of RSA-1024 Keys
The cryptographic library Libgcrypt is vulnerable to a local side-channel attack; something researchers warn could allow full key recovery for RSA-1024. The vulnerability CVE-2017-7526 is tied to the fact that Libgcrypt, which is based on code from GnuPG, uses left to right sliding windows...
openSUSE Security Update : libressl (openSUSE-2017-222)
This update for libressl fixes the following issues: - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334)...
Cache-timing Attack
OpenSSL is vulnerable to a cache-timing attack. The attack exists due to a flaw in the signing function of `crypto/ecdsa/ecdsa_ossl.c`, which sets the `BN_FLG_CONSTTIME` flag for nonces instead of taking a secure code path in the `BN_mod_inverse` method...
OpenSSL ECDSA P-256 Private Key Acquisition Vulnerability
OpenSSL is an open source general-purpose cryptographic library, developed by the OpenSSL team, that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and supports a wide range of cryptographic algorithms including symmetric ciphers, hash...
nettle: RSA/DSA code is vulnerable to cache-timing related attacks
It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance...
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL regression (USN-3087-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3087-2 advisory. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update...
Ubuntu: Security Advisory (USN-3087-2)
The remote host is missing an update for the...
Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-3087-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3087-1 advisory. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cau...
No backdoor found: security audit of the open source encryption software TrueCrypt
TrueCrypt is popular open source file encryption software whose users include a large number of "sensitive persons" such as businessmen, politicians and journalists, so its security has received a great deal of attention. In May 2014, the open source encryption software...
CentOS 3 / 4 : openssl (CESA-2005:476)
Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a...
Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)
Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window modexp implementation as default for RSA, DSA, and DH private key operations. The...
openssl, openssl095a, openssl096 security update
CentOS Errata and Security Advisory CESA-2005:476-01. Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and...
openssl, openssl096b security update
CentOS Errata and Security Advisory CESA-2005:476. Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and...
Moderate: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a...