← back
CVE-2011-1945

CVE-2011-1945

EPSS 3.4%
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://eprint.iacr.org/2011/232.pdfhttp://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlhttp://secunia.com/advisories/44935https://hermes.opensuse.org/messages/8760466https://hermes.opensuse.org/messages/8764170http://support.apple.com/kb/HT5784http://www.debian.org/security/2011/dsa-2309http://www.kb.cert.org/vuls/id/536044http://www.kb.cert.org/vuls/id/MAPG-8FENZ3http://www.mandriva.com/security/advisories?name=MDVSA-2011:136http://www.mandriva.com/security/advisories?name=MDVSA-2011:137