QwikSec

Security Database

CVE

CWE

Training

CVE-2021-40530

Published: Sep 6, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://eprint.iacr.org/2021/923

x_refsource_MISC

https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1

x_refsource_MISC

https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2

x_refsource_MISC

FEDORA-2021-8b14da0538

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-a381a721a9

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-6788250ea4

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.