QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2417

Published: Jun 17, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_OSVDB

FEDORA-2012-8470

vendor-advisory

x_refsource_FEDORA

https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2

x_refsource_MISC

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_BID

https://bugs.launchpad.net/pycrypto/+bug/985164

x_refsource_MISC

FEDORA-2012-8392

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

FEDORA-2012-8490

vendor-advisory

x_refsource_FEDORA

[oss-security] 20120524 CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation

mailing-list

x_refsource_MLIST

openSUSE-SU-2012:0830

vendor-advisory

x_refsource_SUSE

pycrypto-keys-weak-security(75871)

vdb-entry

x_refsource_XF

https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.