CVE-2020-28498 - OpenCVE

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elliptic Project	Elliptic

Configuration 1 [-]

cpe:2.3:a:elliptic_project:elliptic:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836
https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-02-02T18:50:18.725744Z

Updated: 2024-09-17T02:00:51.979Z

Reserved: 2020-11-12T00:00:00

Link: CVE-2020-28498

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-02T19:15:13.720

Modified: 2021-02-08T17:35:34.447

Link: CVE-2020-28498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "elliptic", "vendor": "n/a", "versions": [{"status": "affected", "version": "< 6.5.4"}]}], "credits": [{"lang": "en", "value": "Kyle Den Hartog"}], "datePublic": "2021-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Cryptographic Issues", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-03T15:55:12", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}], "title": "Cryptographic Issues", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-02-02T18:47:27.222372Z", "ID": "CVE-2020-28498", "STATE": "PUBLIC", "TITLE": "Cryptographic Issues"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "elliptic", "version": {"version_data": [{"version_value": "< 6.5.4"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Kyle Den Hartog"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cryptographic Issues"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899", "refsource": "CONFIRM", "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836", "refsource": "CONFIRM", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"name": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md", "refsource": "CONFIRM", "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"name": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f", "refsource": "CONFIRM", "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:40:59.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-28498", "datePublished": "2021-02-02T18:50:18.725744Z", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-09-17T02:00:51.979Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elliptic_project:elliptic:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "04611CFD-A788-4B0B-BCF1-569C1F90EDA3", "versionEndExcluding": "6.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed."}, {"lang": "es", "value": "El paquete elliptic anterior a la versi\u00f3n 6.5.4 es vulnerable a problemas criptogr\u00e1ficos a trav\u00e9s de la implementaci\u00f3n secp256k1 en elliptic/ec/key.js. No hay ninguna comprobaci\u00f3n para confirmar que el punto de la clave p\u00fablica que se pasa a la funci\u00f3n derive existe realmente en la curva secp256k1. Esto resulta en la posibilidad de que la clave privada utilizada en esta implementaci\u00f3n sea revelada despu\u00e9s de realizar una serie de operaciones ECDH"}], "id": "CVE-2020-28498", "lastModified": "2021-02-08T17:35:34.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "report@snyk.io", "type": "Primary"}]}, "published": "2021-02-02T19:15:13.720", "references": [{"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}