Safety vulnerability ID: 35765
The information on this page was manually curated by our Cybersecurity Intelligence Team.
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
Latest version: 2.6.1
Cryptographic modules for Python.
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
MLIST:[debian-lts-announce] 20180215 [SECURITY] [DLA 1283-1] python-crypto security update: https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
MISC:https://github.com/TElgamal/attack-on-pycrypto-elgamal: https://github.com/TElgamal/attack-on-pycrypto-elgamal
MISC:https://github.com/dlitz/pycrypto/issues/253: https://github.com/dlitz/pycrypto/issues/253
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application