Invalid Curve Attack Affecting openpgp package, versions <4.2.1


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.77% (82nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Invalid Curve Attack vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JS-OPENPGP-460225
  • published22 Aug 2019
  • disclosed22 Aug 2019
  • creditSEC Consult GmbH

Introduced: 22 Aug 2019

CVE-2019-9155  (opens in a new tab)
CWE-310  (opens in a new tab)

How to fix?

Upgrade openpgp to version 4.2.1 or higher.

Overview

openpgp is a JavaScript implementation of the OpenPGP protocol.

Affected versions of this package are vulnerable to Invalid Curve Attack. It allows an attacker, who is already able provide forged messages and gain feedback about whether decryption of these messages succeeded, to conduct an invalid curve attack in order to gain the victim's ECDH private key.

Details

Elliptic Curve Cryptography (ECC) is used in key exchange protocolsdigital signatures, or for pseudo-random number generators. An elliptic curve in cryptography is a set of points over a finite field satisfying the following equation: y^2 = x^3 + ax + b. On the elliptic curve, a single operation can be executed: point addition.

Elliptic curve Diffie–Hellman (ECDH) is an anonymous key exchange protocol that allows two parties (say, between a client and server) to establish a shared secret over an insecure channel.

An Invalid Curve Attack occurs when a client forces the server to compute a common secret using a point outside of the defined curve. The server may disclose information, allowing a skilled attacker to calculate the secret key.

CVSS Scores

version 3.1