CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
References
Link Resource
https://github.com/crocs-muni/ECTester Not Applicable Third Party Advisory
https://botan.randombit.net/security.html Vendor Advisory
https://botan.randombit.net/news.html Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*

Information

Published : 2019-03-08 07:29

Updated : 2019-03-12 08:39


NVD link : CVE-2018-20187

Mitre link : CVE-2018-20187

Products Affected
No products.
CWE