Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-2417

Published: 17/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Dlitz

Vulnerability Summary

PyCrypto prior to 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for malicious users to conduct brute force attacks to obtain the private key.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dlitz pycrypto 2.4

dlitz pycrypto 2.3

dlitz pycrypto 1.9

dlitz pycrypto 1.0.1

dlitz pycrypto 1.0.0

dlitz pycrypto

dlitz pycrypto 2.4.1

dlitz pycrypto 2.0.1

dlitz pycrypto 2.0

dlitz pycrypto 1.1

dlitz pycrypto 1.0.2

dlitz pycrypto 2.1.0

dlitz pycrypto 2.2

Vendor Advisories

Ubuntu Security Notice: python-crypto vulnerability
PyCrypto improperly created ElGamal encryption keys ...
Debian Security Advisories: DSA-2502-1 python-crypto -- programming error
It was discovered that that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python used insecure insufficient prime numbers in key generation, which lead to a weakened signature or public key space, allowing easier brute force attacks on such keys For the stable distribution (squeeze), this problem has ...
Amazon Linux AMI: ALAS-2012-086
PyCrypto before 26 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key ...

References

CWE-310https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2https://bugs.launchpad.net/pycrypto/+bug/985164http://www.openwall.com/lists/oss-security/2012/05/25/1http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.htmlhttps://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLoghttp://secunia.com/advisories/49263http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.htmlhttp://www.osvdb.org/82279http://www.securityfocus.com/bid/53687https://hermes.opensuse.org/messages/15083589http://www.debian.org/security/2012/dsa-2502http://www.mandriva.com/security/advisories?name=MDVSA-2012:117https://exchange.xforce.ibmcloud.com/vulnerabilities/75871https://usn.ubuntu.com/1484-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook