CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

AZL-10659 CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

UBUNTU-CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

Design/Logic Flaw

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

CVE-2021-3798

CVE-2021-3798 concerns a flaw in openCryptoki where the Soft token fails to validate EC keys created via C_CreateObject or derived with C_DeriveKey using ECDH public data. The underling issue allows a malicious user to extract the private key through an invalid-curve attack. Multiple connected so...

openCryptoki 安全漏洞

openCryptoki is openCryptoki open source a PKCS11 library and tool for Linux. A security vulnerability exists in openCryptoki that stems from the fact that when an EC key is created via CCreateObject or when CDeriveKey is used with ECDH public data, the openCryptoki soft token does not check if t...

PT-2022-10686 · Unknown · Opencryptoki

Name of the Vulnerable Software and Affected Versions: openCryptoki affected versions not specified Description: A flaw was found in openCryptoki, where the openCryptoki Soft token does not validate the EC key when it is created via C CreateObject or when C DeriveKey is used with ECDH public data...

opencryptoki bug fixand enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 3.0 of the PKCS11 API,...

opencryptoki bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

ALBA-2022:2030 opencryptoki bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

Mageia: Security Advisory (MGASA-2021-0492)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

opencryptoki bug fix and enhancement update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

ALBA-2021:5224 opencryptoki bug fix and enhancement update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...