Invalid Curve Attack in openpgp
Moderate severity
GitHub Reviewed
Published
Aug 23, 2019
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Aug 22, 2019
Reviewed
Aug 23, 2019
Published to the GitHub Advisory Database
Aug 23, 2019
Last updated
Feb 1, 2023
Versions of
openpgp
prior to 4.3.0 are vulnerable to an Invalid Curve Attack. The package's implementation of ECDH fails to verify the validity of the communication partner's public key. The package calculates the resulting key secret based on an altered curve instead of the specified elliptic curve. Attackers may exfiltrate the victim's private key by choosing the altered curve. An attack requires the attacker being able to initiate message decryption and record the result. Furthermore the victim's key must offer an ECDH public key.Recommendation
Upgrade to version 4.3.0 or later.
If you are upgrading from a version <4.0.0 it is highly recommended to read the
High-Level API Changes
section of theopenpgp
4.0.0 release: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0References