Skip to main content

Cryptographic Issues


Severity Low
Score 3.7/10


The elliptic curve cryptography (ECC) subsystem in OpenSSL 0_9_8 through 0_9_8r and 1_0_0-beta1 through 1_0_0d, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the "ECDHE_ECDSA" cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

  • HIGH
  • NONE
  • NONE
  • NONE
  • LOW
  • NONE

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

Advisory Timeline

  • Published