Crypt::DSA Module Vulnerability: Brute-Force Attack on Signature Spoofing and Key Determination

Crypt::DSA Module Vulnerability: Brute-Force Attack on Signature Spoofing and Key Determination

CVE-2011-3599 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

Learn more about our Web Application Penetration Testing UK.