OpenSkat VTMF CheckGroup() Randomization Error May Let Remote Users Determine Private Keys
|
|
SecurityTracker Alert ID: 1012181 |
|
SecurityTracker URL: http://securitytracker.com/id/1012181
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 11 2004
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.1
|
Description:
A vulnerability was reported in the OpenSkat game in the VTMF implementation. The system may create weak keys.
The vendor reported a typographical error in the CheckGroup() function in the VTMF implementation (BarnettSmartVTMF_dlog::CheckGroup). The software does not properly check to make sure the 'p' variable is probably prime. The resulting public key generated using the potentially non-prime 'p' variable may be cryptographically weak, potentially allowing a remote user to factor the pq modulus and determine the private key.
|
Impact:
A remote user may be able to more readily determine keys used in the game.
|
Solution:
The vendor has released a fixed version (2.1), available at:
http://gaos.org/~stamer/openSkat-2.1.tar.gz
|
Vendor URL: www.freshmeat.net/openSkat/ (Links to External Site)
|
Cause:
Randomization error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 11 Nov 2004 01:07:15 -0500
Subject: [none]
|
> A security-related typo was fixed in the function CheckGroup() of the VTMF
> implementation.
|
|
