ECDSA Signature Vulnerability in Arm Mbed Crypto and Mbed TLS

ECDSA Signature Vulnerability in Arm Mbed Crypto and Mbed TLS

CVE-2019-18222 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Learn more about our Web Application Penetration Testing UK.