CVE-2018-6594

Published: 03 Feb 2018
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Report

Starting in Red Hat Enterprise Linux (RHEL) 8 the python-crypto is not delivered anymore, therefore RHEL 8 is not affected by this vulnerability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | python-crypto | Will not fix | | |
| Red Hat Ceph Storage 1.3 | python-crypto | Will not fix | | |
| Red Hat Ceph Storage 2 | python-crypto | Will not fix | | |
| Red Hat Ceph Storage 3 | python-crypto | Will not fix | | |
| Red Hat Enterprise Linux 6 | python-crypto | Will not fix | | |
| Red Hat Enterprise Linux 7 | python-crypto | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-crypto | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-crypto | Will not fix | | |
| Red Hat OpenShift Enterprise 3 | python-crypto | Will not fix | | |
| Red Hat OpenStack Platform 10 (Newton) | python-crypto | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-325
https://bugzilla.redhat.com/show_bug.cgi?id=1542313
python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext

EPSS

Percentile: 74%
0.00798
Low

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 8 years ago

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

CVSS3: 7.5
nvd
about 8 years ago

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

CVSS3: 7.5
debian
about 8 years ago

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates we ...

CVSS3: 7.5
github
more than 7 years ago

Pycrypto generates weak key parameters

CVSS3: 7.5
fstec
about 8 years ago

Vulnerability in Python-crypto, a package containing cryptographic algorithms and protocols for Python, related to the generation of weak key parameters, allowing an attacker to gain unauthorized access to confidential data