CVE-2019-18222: Side channel attack on ECDSA — Mbed TLS documentation

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.


Mbed TLS

Title

Side channel attack on ECDSA

CVE

CVE-2019-18222

Date

15th January 2020 ( Updated on 27th January 2020 )

Affects

All versions of Mbed TLS and Mbed Crypto

Impact

The private key is recoverable through side channels.

Severity

High

Credit

Alejandro Cabrera Aldaya and Billy Brumley

Vulnerability

Our bignum implementation is not constant time/constant trace, so a side channel attack can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then recover the key by brute force. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
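The arithmetic behind the advisory, as an added example that is not Mbed TLS code: a toy ECDSA over P-256 in pure Python (the curve routines, the blinding scheme and every function name here are this example's own assumptions, and none of it is constant-time). `blinded_sign` protects the nonce `k` by computing `(k*t)^-1 * t` instead of `k^-1`; the vulnerable path hands the raw product `k*t` to the modular inverse, while the fixed path reduces it mod `n` first. Both produce the identical, valid signature, which is why the bug is invisible to functional tests; the returned operand size is the property a reviewer or unit test would check.

```python
"""Added illustration of CVE-2019-18222's root cause (not Mbed TLS code).

Toy ECDSA over NIST P-256. Only the arithmetic fact comes from the advisory:
the blinded scalar k*t must be reduced mod N before the modular inverse.
Everything else (function names, blinding layout) is this example's own.
"""
import hashlib
import secrets

# NIST P-256 domain parameters (public constants).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
INF = None  # point at infinity


def point_add(p1, p2):
    """Affine point addition/doubling on y^2 = x^3 + Ax + B over GF(P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Plain double-and-add; not side-channel hardened, fine for a demo."""
    result = INF
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def blinded_sign(priv, msg, k, t, reduce_before_inverse):
    """ECDSA with multiplicative blinding factor t: 1/k = (k*t)^-1 * t.

    Returns (r, s, inverse_operand). The third value is exactly what was
    handed to the modular-inverse routine, so callers can check its size.
    """
    e = hash_to_int(msg)
    r = scalar_mult(k, G)[0] % N
    kt = k * t                # up to 2x the bit length of N
    if reduce_before_inverse:
        kt %= N               # the fix: operand is now in [1, N-1]
    inv_kt = pow(kt, -1, N)   # the leaky step in the real implementation
    s = inv_kt * t * (e + priv * r) % N
    return r, s, kt


def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = hash_to_int(msg)
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(e * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


def demo(priv=None, k=None, t=None, msg=b"constructed sample message"):
    """Sign the same message both ways and report what the inverse saw."""
    priv = priv or secrets.randbelow(N - 1) + 1
    k = k or secrets.randbelow(N - 1) + 1
    t = t or secrets.randbelow(N - 1) + 1
    pub = scalar_mult(priv, G)
    r_v, s_v, op_v = blinded_sign(priv, msg, k, t, reduce_before_inverse=False)
    r_f, s_f, op_f = blinded_sign(priv, msg, k, t, reduce_before_inverse=True)
    return {
        "signatures_equal": (r_v, s_v) == (r_f, s_f),
        "both_verify": verify(pub, msg, (r_v, s_v)) and verify(pub, msg, (r_f, s_f)),
        "vulnerable_operand_bits": op_v.bit_length(),
        "fixed_operand_bits": op_f.bit_length(),
        "vulnerable_operand_is_k_times_t": op_v == k * t,
    }


if __name__ == "__main__":
    print(demo())
```

The useful invariant for a code review or regression test is the last two dictionary entries: every operand passed to `inv_mod` in a signing routine should have at most `N.bit_length()` bits and should never equal a raw product of secret values. The vulnerable path violates both while still returning a correct signature.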

Impact

If the adversary is in the position to launch a cache attack, then they may be able to recover the private key.

Resolution

Affected users should upgrade to one of the most recent versions of Mbed TLS, including 2.20.0, 2.16.4 or 2.7.13 or later. Similarly, affected users should upgrade to the most recent version of Mbed Crypto, including 3.0.1 or later.

edit: Earlier, this document falsely stated that Mbed Crypto 3.0.0 fixes this issue. This is not true; Mbed Crypto 3.0.1 is the earliest version with the fix. Users should upgrade to Mbed Crypto 3.0.1 or later.

Workaround

There are no known workarounds.
