EIQ-2020-0014
ID |
EIQ-2020-0014 |
CVE |
|
Description |
cryptography is vulnerable to timing attacks |
Date |
11 Nov 2019 |
Severity |
3 - HIGH |
CVSSv3 score |
7.5 (Snyk score) |
Status |
2.9.0 |
Assessment |
cryptography versions 3.1.1 and earlier are vulnerable to Bleichenbacher timing attacks that leverage the time the RSA decryption API takes to process valid PKCS#1 v1.5 ciphertext. cryptography versions 3.2 addresses the issue by trying to make RSA PKCS#1v1.5 decryption more time-uniform. |
Mitigation |
To mitigate this vulnerability:
|
Affected versions |
2.8.0 and earlier. |
Notes |
For more information, see: This section is not visible to users accessing the public docs, it's for internal reference See also: |
< Back to all security issues and mitigation actions
In release notes 2.9.0