|Type||Private key recovery|
An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or SSH connection, they inadvertently leak information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the private key.
|16 Jun 2018||ASA-201806-10||AVG-719||libgcrypt||High||private key recovery|