Vulnerability CVE-2020-12402: Information
Description
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2020-24/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1631597 |
|
openSUSE-SU-2020:0953 |
|
openSUSE-SU-2020:0955 |
|
USN-4417-1 |
|
openSUSE-SU-2020:0983 |
|
DSA-4726 |
|
openSUSE-SU-2020:1017 |
|
GLSA-202007-10 |
|
USN-4417-2 |
|
[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update |
|
FEDORA-2020-3ef1937475 | |
FEDORA-2020-16741ac7ff |