PyCrypto: Weak key generation

Background PyCrypto is the Python Cryptography Toolkit. Description An error in the generate function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. Impact A remote attacker might be able to derive private keys. Workaround There is no known workaround at this time. Resolution All...

CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

PYSEC-2012-16

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

Design/Logic Flaw

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

CVE-2012-2417

Removed by vendor...

CVE-2012-2417

CVE-2012-2417 : PyCrypto before 2.6 generates ElGamal keys using inappropriate prime numbers, reducing the signature/public key space and enabling brute-force attacks to derive the private key. Connected sources confirm the issue affects PyCrypto ElGamal key generation and that fixed versions exi...

Fedora 15 : python-crypto-2.3-6.fc15 (2012-8490)

This update is a security fix for CVE-2012-2417 insecure ElGamal key generation. Anyone using ElGamal keys should generate new keys as soon as practical any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164. Note that Tenable Network Security...

Fedora 16 : python-crypto-2.3-6.fc16 (2012-8470)

This update is a security fix for CVE-2012-2417 insecure ElGamal key generation. Anyone using ElGamal keys should generate new keys as soon as practical any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164. Note that Tenable Network Security...

Python PyCrypto密钥生成漏洞

BUGTRAQ ID: 53687 CVE ID: CVE-2012-2417 PyCrypto是使用Python编写的加密工具包。 PyCrypto 2.5之前版本在使用ElGamal方案生成密钥时存在错误，可造成缩减密钥空间，可被利用生成私钥，获取敏感信息。 0 python 2.5.x 厂商补丁： Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： www.python.org...

pycrypto -- vulnerable ElGamal key generation

Dwayne C. Litzenberger of PyCrypto reports: In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^p. The result is that the signature spa...

Encipher It : Easiest Browser based Advanced Encryption Tools [Video Demonstration]

Encipher It : Easiest Browser based Advanced Encryption Tools Video Demonstration "Encipher It " One of the best and easiest AES Text encryptor for Google Mail or anything else. It Provide more secure PBKDF2 Password-Based Key Derivation Function key generation. It use Advanced Encryption Standar...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow...

stat(2)-based Context Keyed Payload Encoder

This is a Context-Keyed Payload Encoder based on stat2 and Shikata Ga Nai. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/poly' class MetasploitModule 'stat2-based Context Keyed Payload Encoder',...

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...

OpenSC Incorrect RSA Keys Generation Vulnerability

This host is installed with OpenSC and is prone to Insecure Key Generation vulnerability. OpenVAS Vulnerability Test $Id: secpodopenscinsecurekeygenerationvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenSC Incorrect RSA Keys Generation Vulnerability Authors: Antu Sanadi Copyright: Copyright c 20...

OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability

OpenSC is prone to an insecure key generation vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1

April 30, 2009 Afanasov Dmitry 2.6.6-alt1 - 2.6.6 release. + fix Corrected double free on signature verification failure CVE-2009-1415 + fix DSA key generation CVE-2009-1416 + fix gnutls-cli expiration/activation time check CVE-2009-1417 - release fixes 19873 also...

Ubuntu: Security Advisory (USN-612-8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key...