OpenBSD ECDSA Signature Calculation Timing Flaw Lets Local Users Obtain Private DSA Keys on the Target System
|
SecurityTracker Alert ID: 1041147
SecurityTracker URL: http://securitytracker.com/id/1041147
|
CVE Reference: CVE-2018-0495
|
Date: Jun 20 2018
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.2, 6.3
|
Description:
A vulnerability was reported in OpenBSD. A local user can obtain private keys in certain cases.
The code that performs modular addition when calculating ECDSA signatures does not run in constant time. A local user who can conduct memory-cache side-channel attacks against ECDSA signatures can recover the DSA private key.
This vulnerability is known as "The Return of the Hidden Number Problem" (ROHNP).
The original advisory is available at:
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
Keegan Ryan of NCC Group reported this vulnerability.
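The non-constant-time modular addition described above, shown next to a constant-time form. This is an added example, not OpenBSD libcrypto code and not code from the NCC Group advisory; the function names, the 8 x 32-bit limb layout and the precondition a, b < m are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LIMBS 8 /* assumed width: 8 x 32-bit little-endian limbs = 256 bits */

/* r = a + b mod 2^256; returns the carry out of the top limb. */
static uint32_t add_limbs(uint32_t *r, const uint32_t *a, const uint32_t *b) {
    uint64_t c = 0;
    for (size_t i = 0; i < LIMBS; i++) {
        c += (uint64_t)a[i] + b[i];
        r[i] = (uint32_t)c;
        c >>= 32;
    }
    return (uint32_t)c;
}

/* r = a - b mod 2^256; returns the borrow out of the top limb. */
static uint32_t sub_limbs(uint32_t *r, const uint32_t *a, const uint32_t *b) {
    uint64_t bw = 0;
    for (size_t i = 0; i < LIMBS; i++) {
        uint64_t t = (uint64_t)a[i] - b[i] - bw;
        r[i] = (uint32_t)t;
        bw = t >> 63; /* top bit is set exactly when the limb went negative */
    }
    return (uint32_t)bw;
}

/* Leaky pattern: the final subtraction runs only when a + b >= m, so the
 * instructions executed and cache lines touched depend on secret operands. */
void mod_add_vartime(uint32_t *r, const uint32_t *a, const uint32_t *b,
                     const uint32_t *m) {
    uint32_t d[LIMBS];
    uint32_t carry = add_limbs(r, a, b);
    if (carry || sub_limbs(d, r, m) == 0) /* secret-dependent branch */
        sub_limbs(r, r, m);
}

/* Constant-time pattern: always add, always subtract, then pick the result
 * with a mask. Inspect the compiled output; a compiler may reintroduce a branch. */
void mod_add_ct(uint32_t *r, const uint32_t *a, const uint32_t *b,
                const uint32_t *m) {
    uint32_t s[LIMBS], d[LIMBS];
    uint32_t carry = add_limbs(s, a, b);
    uint32_t borrow = sub_limbs(d, s, m);
    /* all-ones when the sum is below m (borrow, no carry): keep s, else d */
    uint32_t keep_s = (uint32_t)0 - (borrow & (carry ^ 1u));
    for (size_t i = 0; i < LIMBS; i++)
        r[i] = (s[i] & keep_s) | (d[i] & ~keep_s);
}
```

Both functions return the same value for every reduced input; the difference is only in whether the execution path reveals which case occurred.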
|
Impact:
A local user can obtain DSA private keys on the target system.
|
Solution:
The vendor has issued a source code fix, available at:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/015_libcrypto.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/009_libcrypto.patch.sig
The vendor advisory is available at:
http://www.openbsd.org/errata63.html
|
Vendor URL: www.openbsd.org/errata63.html
|
Cause:
State error
|