Use of a Broken or Risky Cryptographic Algorithm

CVE-2018-0737

Severity Medium
Score 5.9/10

Summary

The OpenSSL RSA key generation algorithm has been shown to be vulnerable to a cache-timing side-channel attack. An attacker with sufficient access to mount cache-timing attacks during the RSA key generation process could recover the private key. The issue affects OpenSSL prior to 1.0.2p and 1.1.x prior to 1.1.0i.

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Advisory Timeline

  • Published