CVE-2018-6594

CVE: CVE-2018-6594
Published: 2018-02-03T15:29Z
Description Language: en
Description: lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto’s ElGamal implementation.
References:
https://github.com/dlitz/pycrypto/issues/253
https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html