245 matches found
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
openssl: ECDSA P-256 timing attack key recovery
A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...
openssl: Non-constant time codepath followed for certain operations in DSA implementation
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...
UBUNTU-CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...
Wingstop's Android App has an overstepping vulnerability
Yonganxing App is a service platform that guides green shared mobility in the city. Yonganxing Android App suffers from an overstepping vulnerability, where an attacker utilizes the signature algorithm of the data communicated with the server side to overstep its authority to view other users'...
CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...
OpenJDK: DSA implementation timing attack (Libraries, 8168728)
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: DSA implementation timing attack (Libraries, 8168728)
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: DSA implementation timing attack (Libraries, 8168728)
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...
Protection Mechanism Bypass
OpenSSL is vulnerable to protection mechanism bypass. This is because OpenSSL accepts several variations of certificate signature algorithms and signature encodings. It doesn't then enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. This...
openssl: Non-constant time codepath followed for certain operations in DSA implementation
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...
OpenJDK: DSA implementation timing attack (Libraries, 8168728)
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...
OpenJDK: DSA implementation timing attack (Libraries, 8168728)
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel...
openssl: Non-constant time codepath followed for certain operations in DSA implementation
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...
OpenSSL: Double-free in DSA code
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...
FreeBSD : cryptopp -- multiple vulnerabilities (eab68cff-bc0c-11e6-b2ca-001b3856973b)
Multiple sources report : CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...
openssl: Non-constant time codepath followed for certain operations in DSA implementation
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...