CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
References
Link Resource
https://botan.randombit.net/news.html Release Notes Vendor Advisory
https://botan.randombit.net/security.html Vendor Advisory
https://github.com/crocs-muni/ECTester Not Applicable Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-08 19:29

Updated : 2024-02-28 17:08


NVD link : CVE-2018-20187

Mitre link : CVE-2018-20187

CVE.ORG link : CVE-2018-20187


JSON object : View

Products Affected

botan_project

  • botan
CWE
CWE-320

Key Management Errors