The Crypt::DSA (aka Crypt-DSA) module 1.17 and previous versions for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote malicious users to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adam_kennedy crypt-dsa 0.10 |
||
adam_kennedy crypt-dsa 0.11 |
||
adam_kennedy crypt-dsa 0.12 |
||
adam_kennedy crypt-dsa 0.13 |
||
adam_kennedy crypt-dsa 0.02 |
||
adam_kennedy crypt-dsa 0.03 |
||
adam_kennedy crypt-dsa 1.16 |
||
adam_kennedy crypt-dsa |
||
adam_kennedy crypt-dsa 0.01 |
||
adam_kennedy crypt-dsa 0.14 |
||
adam_kennedy crypt-dsa 0.15_01 |