|Title:||OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)|
|Summary:||This host is running OpenSSL and is prone; to an information disclosure vulnerability.|
This host is running OpenSSL and is prone
to an information disclosure vulnerability.
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,
has been shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks
during ECDSA signature generation could recover the private key.
OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.
Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.
BugTraq ID: 105897|
Common Vulnerability Exposure (CVE) ID: CVE-2018-5407
Debian Security Information: DSA-4348 (Google Search)
Debian Security Information: DSA-4355 (Google Search)
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.