OpenSSL ECDSA Timing Attack Local Information Disclosure Vulnerability

OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation for curves over binary fields.

Successfully exploiting this issue allows local attackers to gain access to the private key of a TLS server that authenticates with ECDSA signatures and binary curves. Information harvested may aid in further attacks.


Privacy Statement
Copyright 2010, SecurityFocus