Back to search
CVE-2021-3798
Published: Aug 23, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | opencryptoki | affected Fixed in v3.17.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1990591
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3798
x_refsource_MISC
https://github.com/opencryptoki/opencryptoki/pull/402
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now