2 matches found
github.com/ecies/go vulnerable to possible private key restoration
Impact If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, he could recover any private key that he interacts with. Patches Patched in v2.0.8 Workarounds You could manually check public key by calling IsOnCurve function from secp256k1 libraries. References...
Private Key Restoration
github.com/ecies/go is vulnerable to Private Key Restoration. The vulnerability arises due to the Encapsulate and Decapsulate functions, which allows an attacker to possibly recover the private key due to an Invalid Curve Point...