14 matches found
Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography
About a year ago I wrote this tweet and now I can finally justify it Project Wycheproof https://t.co/wBz9P8atHs is the AFL https://t.co/JM2l557PZi of crypto. Thanks a lot @XorNinja and team notably including Bleichenbacher for providing such a powerful tool — Antonio Sanso @asanso April 9, 2018 i...
mozilla-nss: update to avoid signature forgery (critical)
Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
NSS update to avoid signature forgery (critical)
NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
Updated nss packages fix CVE-2014-1568
Updated nss packages fix security vulnerability: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack...
Mozilla Patches RSA Signature Forgery in NSS, Firefox
The Mozilla Foundation has issued a security alert informing users that they have updated a number of their products in order to fix a vulnerability that could allow an attacker to forge RSA certificate signatures and perform man-in-the-middle attacks. The vulnerability has been known for some...
RSA Signature Forgery in NSS — Mozilla
Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...
NSS: Signature forgery attack
Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...
NSS -- RSA Signature Forgery
The Mozilla Project reports: Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
Fedora Core 5 : openssl-0.9.8a-5.3 / openssl097a-0.9.7a-4.2.2 (2006-953)
This is a security update for CVE-2006-4339. Avoid PKCS 1 v1.5 signature attack discovered by Daniel Bleichenbacher Ben Laurie; Google Security Team Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...
Mandrake Linux Security Advisory : openssl (MDKSA-2006:161)
Daniel Bleichenbacher recently described an attack on PKCS 1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS 1 v1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, a...
Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...
Debian DSA-1182-1 : gnutls11 - cryptographic weakness
Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
RSA Signature Forgery — Mozilla
Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's recent presentation of a common implementation error in RSA signature verification, a failure to account for extra data in the signature. For signatures with a small exponent such as 3 it is possible for an...
DSA-1174-1 openssl096 - cryptographic weakness
Bulletin has no description...