Timing Attack Vulnerability in InvertibleRWFunction::CalculateInverse Function in libcrypt++ 5.6.2

Timing Attack Vulnerability in InvertibleRWFunction::CalculateInverse Function in libcrypt++ 5.6.2

CVE-2015-2141 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack.

Learn more about our Web Application Penetration Testing UK.