QwikSec

Security Database

CVE

CWE

Training

CVE-2021-40529

Published: Sep 6, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://eprint.iacr.org/2021/923

x_refsource_MISC

https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1

x_refsource_MISC

https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2

x_refsource_MISC

https://github.com/randombit/botan/pull/2790

x_refsource_MISC

FEDORA-2021-14b0d97496

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-8d51cac49f

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.