Homepage
About Snyk

Missing Encryption of Sensitive Data Affecting ecdsa package, versions [0,]

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-ECDSA-6219992
  • published 1 Feb 2024
  • disclosed 1 Feb 2024
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 1 Feb 2024

CVE NOT AVAILABLE CWE-311 Open this link in a new tab

How to fix?

There is no fixed version for ecdsa.

Overview

ecdsa is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve Digital Signature Algorithm), implemented purely in Python, released under the MIT license.

Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insufficient protection. For a sophisticated attacker observing just one operation with a private key will be sufficient to completely reconstruct the private key.

Note: Fixes for side-channel vulnerabilities will not be developed.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7.4 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    None