CVE-2012-2417 — Improper Control of Interaction Frequency in Pycrypto

CWE-31011 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

4.1%

top 11.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlitz Pycrypto

Timeline

PublishedJun 17

Latest updateMay 17

Description

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶PyPIdlitz/pycrypto< 2.6+1

▶NVDdlitz/pycrypto2.5+12

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

PyCrypto makes Use of Insufficiently Random Values↗2022-05-17

▶

OSV

PyCrypto makes Use of Insufficiently Random Values↗2022-05-17

▶

OSV

CVE-2012-2417: PyCrypto before 2↗2012-06-17

▶

CVEList

CVE-2012-2417: PyCrypto before 2↗2012-06-17

▶

📋Vendor Advisories

Ubuntu

PyCrypto vulnerability↗2012-06-28

▶

Red Hat

python-crypto: Insecure ElGamal key generation↗2012-04-18

▶

💬Community

Bugzilla

CVE-2012-2662 Certificate System: multiple XSS flaws↗2012-05-30

▶

Bugzilla

CVE-2012-2417 python-crypto: Insecure ElGamal key generation [fedora-all]↗2012-05-25

▶

Bugzilla

CVE-2012-2417 python-crypto: Insecure ElGamal key generation [epel-5]↗2012-05-25

▶

Bugzilla

CVE-2012-2417 python-crypto: Insecure ElGamal key generation↗2012-05-25

▶