๐ OpenSSL up to 1.0.2o/1.1.0h RSA Key Generation Timing weak encryption
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vuldb.com
A vulnerability has been found in OpenSSL up to 1.0.2o/1.1.0h (Network Encryption Software) and classified as critical. This vulnerability affects an unknown part of the component RSA Key Generation. Upgrading to version 1.0.2p-dev or 1.1.0i-dev eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.openssl.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability. ...