The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 prior to 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote malicious users to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.0.2a |
||
openssl openssl 1.0.2e |
||
openssl openssl 1.0.2b |
||
openssl openssl 1.0.2c |
||
openssl openssl 1.0.2 |
||
openssl openssl 1.0.2d |
Feet up for the many, head's down and patch for the rest.
OpenSSL maintainers have pushed a pair of patches, crushing a dangerous but uncommon bug that allows HTTPS to be unravelled while also hardening servers against downgrade attacks. Affected servers are open to key recovery attacks only if it runs certain Digital Signature Algorithm and static Diffie-Hellman key exchange subgroups, while running OpenSSL version 1.0.2. The high severity bug (CVE-2016-0701) revealed by Adobe engineer Antonio Sanso and which is fixed in version 1.0.2f. Carnegie Mello...