Vulnerability in Dlitz Pycrypto

CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.041 (88.8th percentile) — read the EPSS interpretation.

Affected products

Dlitz Pycrypto — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

DSA-2502 (vendor-advisory, x_refsource_DEBIAN)
82279 (x_refsource_OSVDB, vdb-entry)
FEDORA-2012-8470 (x_refsource_FEDORA, vendor-advisory)
cve@mitre.org (Exploit, Patch, x_refsource_MISC)
MDVSA-2012:117 (vendor-advisory, x_refsource_MANDRIVA)
53687 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
FEDORA-2012-8392 (x_refsource_FEDORA, vendor-advisory)
49263 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
FEDORA-2012-8490 (x_refsource_FEDORA, vendor-advisory)