15 matches found
EUVD-2017-17872
Malware in sbrugna...
SleepWalk: Exploiting Context Switching and Residual Power for Physical Side-Channel Attacks
Context switching is utilized by operating systems to change the execution context between application programs. It involves saving and restoring the states of multiple registers and performing a pipeline flush to remove any pre-fetched instructions, leading to a higher instantaneous power...
WinSCP Key Recovery Attack Vulnerability - Windows
WinSCP is prone to a key recovery attack vulnerability SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:winscp:winscp";...
WinSCP < 6.3.3 Key Recovery Attack Vulnerability
The version of WinSCP installed on the remote Windows host is prior to 6.3.3. It is, therefore, affected by a key recovery attack vulnerability. In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell SSH and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 ecdsa-sha2-nistp521 private keys. The flaw has been assigned the CVE identifier...
SIKE Broken
SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol SIDH, based on a "glue-and-split" theorem due to Kani. Our...
GO-2022-0187 Incorrect computation for P-256 curves in crypto/elliptic
The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive correct output. This leads ...
Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow. The level I parametersets are removed from liboqs starting from version 0.7.2. Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop. This means all the oqs::sig::Algorithm::RainbowI variants are insecure...
RUSTSEC-2022-0047 Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow. The level I parametersets are removed from liboqs starting from version 0.7.2. Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop. This means all the oqs::sig::Algorithm::RainbowI variants are insecure...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry
Summary OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs - CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176...
The Curious Case of WebCrypto Diffie-Hellman on Firefox - Small Subgroups Key Recovery Attack on DH
tl;dr Mozilla Firefox prior to version 72 suffers from Small Subgroups Key Recovery Attack on DH in the WebCrypto 's API. The Firefox's team fixed the issue removing completely support for DH over finite fields that is not in the WebCrypto standard. If you find this interesting read further below...
nss: small-subgroups attack flaw
It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group...
The RFC 5114 saga
Back in January I posed a question "to the Internet": What the heck is RFC 5114? It looks like a lot happened since then around it. I would like to use this post to recollect some of the stuff around RFC5114 . Chapter 0: October 2007 RFC5114 draft was submitted to the IETF . Chapter I: January 20...
UBUNTU-CVE-2016-1550
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...