CVE-2018-6594 — Inadequate Encryption Strength in Pycrypto
Severity
7.5HIGHNVD
EPSS
0.8%
top 25.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 3
Latest updateJul 9
Description
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10
🔴Vulnerability Details
4📋Vendor Advisories
5💬Community
3Bugzilla▶
CVE-2018-6594 python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext [fedora-all]↗2018-02-06
Bugzilla▶
CVE-2018-6594 python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext [epel-all]↗2018-02-06
Bugzilla▶
CVE-2018-6594 python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext↗2018-02-06