Cryptographic Issues
CVE-2011-1945
Summary
The elliptic curve cryptography (ECC) subsystem in OpenSSL 0_9_8 through 0_9_8r and 1_0_0-beta1 through 1_0_0d, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the "ECDHE_ECDSA" cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-310 - Cryptographic Issues
Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.
References
Advisory Timeline
- Published