oss-sec mailing list archives
CVE Request: python-rsa signature forgery
From: Filippo Valsorda <ml () filippo io>
Date: Tue, 05 Jan 2016 00:30:36 +0000
Hello, please assign a CVE to this signature forgery vulnerability in python-rsa. It allows an attacker to fake signatures for arbitrary messages for any key with low exponent "e" (like the common 3). Writeup: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/ Fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff Project: https://pypi.python.org/pypi/rsa Thanks, Filippo
Current thread:
- CVE Request: python-rsa signature forgery Filippo Valsorda (Jan 04)
- Re: CVE Request: python-rsa signature forgery cve-assign (Jan 04)