Home » CVE Vulnerabilities » CVE-2017-9526

CVE-2017-9526 In Libgcrypt before 1.7.7, an attacker

CVE ID: CVE-2017-9526
Vendors:
Date: June 10, 2017

Severity:
Impact score: 0.00
Exploit score: 0.00

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Our online shop
Top sellers
New Items
Books
Software

Xatrix.org © Copyright 2001-2016, Xatrix Security . All Rights Reserved
We worried for decades about WMDs – Weapons of Mass Destruction. Now it is time to worry about a new kind of WMDs – Weapons of Mass Disruption - John Mariotti

Users login

JOIN XATRIX

CVE-2017-9526 In Libgcrypt before 1.7.7, an attacker

Industry news

Latest advisories

From the forum

Newsletter signup

Free E-books

Contact