Published: 03/02/2018 Updated: 31/07/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

lib/Crypto/PublicKey/ElGamal.py in PyCrypto up to and including 2.6.1 generates weak ElGamal key parameters, which allows malicious users to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlitz pycrypto
debian debian linux 7.0
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10

Debian Bug report logs - #889998 pycryptodome: CVE-2018-6594 Package: src:pycryptodome; Maintainer for src:pycryptodome is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 9 Feb 2018 21:00:02 UTC Severity: important Tags: fixed ...

Python Crypto could expose sensitive information ...

Weak ElGamal key parameters in PublicKey/ElGamalpy allow attackers to obtain sensitive information by reading ciphertext:lib/Crypto/PublicKey/ElGamalpy in PyCrypto through 261 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (ie, it does not have semantic security in face ...

lib/Crypto/PublicKey/ElGamalpy in PyCrypto through 261 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (ie, it does not have semantic security in face of a ciphertext-only attack) The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal impleme ...

Pulls pip information and OS installed packages and check if the installed version has a registered CVE

Vulnerability_Test_Project Pulls pip information and OS installed packages and check if the installed version has a registered CVE The tool knows how to find relevant CVE for a program and remove rejected CVEs I found this tool very powerful to detect system vulnerable programs versions, although there are some false positives due to the challenges Running time: it took me a

Pass Cli lets you manage your login credentials from the terminal. Password files are saved into Advance Encryption Standard AES256 encrypted files using the user's master password as the encryption key.

Pass Cli Author: Jack Ogina Pass Cli lets you manage your login credentials from the terminal Password files are saved into Advance Encryption Standard AES256 encrypted files using the user's master password as the encryption key Only with the master password used to create the user account can one decrypt password files If you want to know more about how my cipher imp

Pulls pip information and OS installed packages and check if the installed version has a registered CVE

Vulnerability_Test_Project Pulls pip information and OS installed packages and check if the installed version has a registered CVE The tool knows how to find relevant CVE for a program and remove rejected CVEs I found this tool very powerful to detect system vulnerable programs versions, although there are some false positives due to the challenges Running time: it took me a

CWE-326 https://github.com/TElgamal/attack-on-pycrypto-elgamal https://github.com/dlitz/pycrypto/issues/253 https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html https://usn.ubuntu.com/3616-1/https://usn.ubuntu.com/3616-2/https://security.gentoo.org/glsa/202007-62 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889998 https://nvd.nist.gov https://usn.ubuntu.com/3616-2/

CVE-2018-6594

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect