Invalid Point Vulnerability in Development IL ECDH Before 0.2.0

CVE-2022-44310 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
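
The missing check described above is public-key validation: a peer's point must be confirmed to lie on the curve before it is used in key agreement. The following is an added example, not code from the ecdh project or from this advisory; it assumes NIST P-256 and uncompressed SEC1 encoding, and the function names and sample keys are hypothetical and constructed for illustration.

```javascript
// Added example: NIST P-256 domain parameters (assumed curve; the advisory names none).
const P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const A = P - 3n;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;
const GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n;
const GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n;

// Reduce into [0, P), also for negative intermediate values.
const mod = (v) => ((v % P) + P) % P;

// Decode an uncompressed SEC1 point (0x04 || X || Y, 65 bytes) given as hex.
// The point at infinity has no encoding in this form, so it is rejected here.
function decodeUncompressed(hex) {
  if (typeof hex !== "string" || !/^04[0-9a-fA-F]{128}$/.test(hex)) {
    throw new Error("expected a 65-byte uncompressed point");
  }
  return {
    x: BigInt("0x" + hex.slice(2, 66)),
    y: BigInt("0x" + hex.slice(66)),
  };
}

// True only if both coordinates are canonical field elements and
// y^2 = x^3 + ax + b (mod p). P-256 has cofactor 1, so an in-range
// on-curve point is automatically in the prime-order group.
function isOnCurve({ x, y }) {
  if (x < 0n || x >= P || y < 0n || y >= P) return false;
  return mod(y * y) === mod(x * x * x + A * x + B);
}

// Hypothetical wrapper: call this on every peer key before any
// scalar multiplication with the local private key.
function validatePeerPublicKey(hex) {
  const point = decodeUncompressed(hex);
  if (!isOnCurve(point)) {
    throw new Error("peer public key is not on the curve");
  }
  return point;
}

// Constructed samples: the curve generator, and the same x with y + 1.
const toHex = (v) => v.toString(16).padStart(64, "0");
const SAMPLE_VALID = "04" + toHex(GX) + toHex(GY);
const SAMPLE_OFF_CURVE = "04" + toHex(GX) + toHex(GY + 1n);
```

Curves with a cofactor greater than 1 need an additional subgroup check on top of this one.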
