The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for…
redhat·CWE-200·Published 2016-02-15
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
La función DH_check_pub_key en crypto/dh/dh_check.c en OpenSSL 1.0.2 en versiones anteriores a 1.0.2f no asegura que los número primos son apropiados para el intercambio de clave Diffie-Hellman (DH), lo que hace que sea más fácil para atacantes remotos descubrir el exponente DH privado mediante la realización de múltiples apretones de mano con un par que eligió un número inapropiado, según lo demostrado por un número en un archivo X9.42.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 2.6 | 4.9 | 2.9 | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| 3.0 | Primary | NVD | 3.7 | 2.2 | 1.4 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |