---

CVE-2018-5407 - log back

CVE-2018-5407 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Local
Type	+ Private key recovery
Description	+ A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and ECDH, has been shown + to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.
References	+ https://www.openssl.org/news/secadv/20181112.txt + https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c
Notes