11 matches found
PT-2026-49531
Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...
PT-2026-36003
Name of the Vulnerable Software and Affected Versions wget2 affected versions not specified Description An issue exists where the software accepts server certificates with incorrect Key Usage KU or Extended Key Usage EKU. This could allow an attacker who has compromised a certificate and its...
EUVD-2020-17547
Malware in sbrugna...
EUVD-2017-1552
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-31497
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...
OT-based ECDSA Protocol Implementation Flaws
github.com/taurusgroup/multi-party-sig is vulnerable to OT-based ECDSA protocol implementation flaws. The vulnerability is due to improper handling of Oblivious Transfer OT operations, allowing an attacker to exploit weaknesses in the OT implementation to compromise private keys or forge digital...
OPENSUSE-SU-2024:0111-1 Security update for putty
This update for putty fixes the following issues: Update to release 0.81 Fix CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer generated with biased values of k. The previous bias compromises private keys...
PYSEC-2012-16
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...
Mandrake Linux Security Advisory : gnupg (MDKSA-2003:109)
A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to ElGamal sign+encrypt keys. From Werner Koch's email message : 'Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a...
ElGamal sign+encrypt keys created by GnuPG can be compromised
Any ElGamal sign+encrypt keys created by GnuPG contain a cryptographic weakness that may allow someone to obtain the private key. These keys should be considered unusable and should be revoked. The following summary was written by Werner Koch, GnuPG author: Phong Nguyen identified a severe bug in...
GOST 34.10/GOST 34.19 digital signature weakness
There is a weakness leading to ability to create "universal" signature without having a key. Also, it's possible to spoof content in case more than one key is allowed. It's also possible to deliberately create "weak" signature which will lead to private key compromise...