Computer Security
[EN] securityvulns.ru
no-pyccku

  

CVECVE-2011-1945
StatusCandidate
DescriptionThe elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Severity
Low
CVSS score2,6
CVSS vector(AV:N/AC:H/Au:N/C:P/I:N/A:N)
PhaseAssigned (05.06.2013)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1945
ReferencesSECUNIA : 44935
 DEBIAN : DSA-2309
 MISC : http://eprint.iacr.org/2011/232.pdf
 CONFIRM : http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
 MANDRIVA : MDVSA-2011:136
 MANDRIVA : MDVSA-2011:137
 SUSE : openSUSE-SU-2011:0634
 SUSE : SUSE-SU-2011:0636
 CERT-VN : VU#536044
SecurityVulns:DigiNotar fraudulent certificates
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru