lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCryptos ElGamal implementation.
Weakness
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pycrypto | Dlitz | * | 2.6.1 (including) |
| Pycryptodome | Ubuntu | artful | * |
| Pycryptodome | Ubuntu | bionic | * |
| Pycryptodome | Ubuntu | devel | * |
| Pycryptodome | Ubuntu | esm-infra/bionic | * |
| Python-crypto | Ubuntu | artful | * |
| Python-crypto | Ubuntu | bionic | * |
| Python-crypto | Ubuntu | devel | * |
| Python-crypto | Ubuntu | esm-infra-legacy/trusty | * |
| Python-crypto | Ubuntu | esm-infra/bionic | * |
| Python-crypto | Ubuntu | esm-infra/xenial | * |
| Python-crypto | Ubuntu | trusty | * |
| Python-crypto | Ubuntu | trusty/esm | * |
| Python-crypto | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/112.html
- https://cwe.mitre.org/data/definitions/192.html
- https://cwe.mitre.org/data/definitions/20.html
References
- https://github.com/TElgamal/attack-on-pycrypto-elgamal
- https://github.com/dlitz/pycrypto/issues/253
- https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
- https://security.gentoo.org/glsa/202007-62
- https://usn.ubuntu.com/3616-1/
- https://usn.ubuntu.com/3616-2/
- https://github.com/TElgamal/attack-on-pycrypto-elgamal
- https://github.com/dlitz/pycrypto/issues/253
- https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
- https://security.gentoo.org/glsa/202007-62
- https://usn.ubuntu.com/3616-1/
- https://usn.ubuntu.com/3616-2/