FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wolfssl -- leakage of private key information

Affected packages
wolfssl < 3.6.8

Details

VuXML ID 331eabb3-85b1-466a-a2af-66ac864d395a
Discovery 2015-09-17
Entry 2016-01-05

Florian Weimer of Red Hat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions.

References

CVE Name CVE-2015-7744
URL https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
URL https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html