|Title:||OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)|
|Summary:||This host is running OpenSSL and is prone; to an information disclosure vulnerability.|
This host is running OpenSSL and is prone
to an information disclosure vulnerability.
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
A remote user that can conduct a man-in-the-middle attack can exploit a
timing vulnerability in its ECDSA signature algorithm to cause the target system to disclose private keys.
OpenSSL versions 1.1.0-1.1.0i and 1.1.1.
Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev or manually apply the fixes via Github.
See the references for more details.
BugTraq ID: 105750|
Common Vulnerability Exposure (CVE) ID: CVE-2018-0735
Debian Security Information: DSA-4348 (Google Search)
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.