CVE-2016-6882 - Key Management Errors vulnerability in Matrixssl
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/08/19/7
- http://www.securityfocus.com/bid/91488
- https://access.redhat.com/blogs/766093/posts/1976703
- https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation
- https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf