Computer Security
[EN] securityvulns.ru no-pyccku


OpenSSL cryptographic vulnerability
Published:13.08.2007
Source:
SecurityVulns ID:8033
Type:local
Threat Level:
5/10
Description:Montgomery multiplication for elleptic cryptography is not applied in BN_from_montgomery() functions, making it possible to retrieve RSA private key of different user.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.)
Original documentdocumentRPATH, rPSA-2007-0155-1 openssl openssl-scripts (13.08.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod