FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libtomcrypt -- weak signature scheme with ECC keys

Affected packages
libtomcrypt <= 1.02

Details

VuXML ID: a78299e7-9ef3-11da-b410-000e0c2e438a
Discovery: 2005-05-01
Entry: 2006-02-16

Secure Science Corporation reports that the signature scheme libtomcrypt uses with ECC keys is weak. An attacker can create a valid random signature and use it to sign arbitrary messages without the private key.

References

Message 4276CC31.9000307@securescience.net