Insufficient Entropy in RNG Used for ECDSA in Arm Mbed TLS and Arm Mbed Crypto
CVE-2019-16910

5.3MEDIUM

Key Information:

Vendor:
Arm
CVE Published:
26 September 2019

Summary

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, draw the blinding values that protect the ECDSA scalar arithmetic against side-channel attacks from a Random Number Generator (RNG) with insufficient entropy. Deterministic ECDSA (RFC 6979) intentionally derives the same nonce every time a given message is signed under a given key; the blinding, however, must be fresh on every signing operation. Because it was taken from the same deterministic source as the nonce, the blinding repeated whenever the same message was signed again, and an attacker with a side-channel observation point could potentially recover the private key if the victim signed the same message many times. For Mbed TLS the fix is in 2.19.0 and was also backported to the 2.16.3 and 2.7.12 maintenance releases; Mbed Crypto is fixed in 2.0.0. Users should upgrade to one of the fixed versions.
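The following is an added illustration of the blinding problem described above; it is not Mbed TLS or Mbed Crypto code. It models only the scalar derivation of a deterministic ECDSA signing operation: an RFC 6979 HMAC_DRBG seeded with the private key and message hash yields the nonce k, and the blinding scalar is drawn either from that same DRBG (the vulnerable pattern) or from an independent CSPRNG (the fixed pattern). The private key is the public RFC 6979 P-256/SHA-256 test vector; no curve arithmetic or signature is computed. The function names `sign_scalars` and `repeated_signing` are this example's own.

```python
"""Added illustration of CVE-2019-16910's blinding problem (not Mbed TLS code).

RFC 6979 derives the ECDSA nonce k from an HMAC_DRBG seeded with the private
key and the message hash, so k is identical every time the same message is
signed. That is intended. The defect modelled here is drawing the *blinding*
scalars used to randomise the scalar arithmetic from that same deterministic
DRBG, so they repeat as well. The fixed pattern draws the blinding from an
independent RNG. Only scalar derivation is modelled; no curve arithmetic.
"""
import hashlib
import hmac
import secrets

# Order of the P-256 group, used to size scalars and for the RFC 6979 vector.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = 32  # byte length of N (qlen = 256 bits, same as the SHA-256 output)

# RFC 6979 appendix A.2.5 private key (P-256, SHA-256): a public test vector.
TEST_PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


class HmacDrbg:
    """Minimal HMAC_DRBG with SHA-256, in the form RFC 6979 section 3.2 uses."""

    def __init__(self, seed: bytes) -> None:
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self.update(seed)

    @staticmethod
    def _mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def update(self, seed: bytes = b"") -> None:
        self.k = self._mac(self.k, self.v + b"\x00" + seed)
        self.v = self._mac(self.k, self.v)
        if seed:
            self.k = self._mac(self.k, self.v + b"\x01" + seed)
            self.v = self._mac(self.k, self.v)

    def random(self, nbytes: int) -> bytes:
        """Generate output, then run the no-input update (RFC 6979 step h.3)."""
        out = b""
        while len(out) < nbytes:
            self.v = self._mac(self.k, self.v)
            out += self.v
        self.update()
        return out[:nbytes]


def rfc6979_drbg(priv: int, msg_hash: bytes) -> HmacDrbg:
    """Seed with int2octets(x) || bits2octets(h1), RFC 6979 section 3.2 step d."""
    h1 = int.from_bytes(msg_hash, "big") % N
    return HmacDrbg(priv.to_bytes(QLEN, "big") + h1.to_bytes(QLEN, "big"))


def scalar_from(rng_random, upper: int = N) -> int:
    """Rejection-sample a scalar in [1, upper-1] from an RNG callback."""
    while True:
        c = int.from_bytes(rng_random(QLEN), "big")
        if 1 <= c < upper:
            return c


def sign_scalars(priv: int, msg: bytes, blinding_rng=None):
    """Return (k, blind) for one deterministic-ECDSA signing operation.

    blinding_rng=None reproduces the vulnerable pattern: the blinding scalar
    comes from the same deterministic DRBG as k. Passing an independent RNG
    callback such as secrets.token_bytes reproduces the fixed pattern.
    """
    drbg = rfc6979_drbg(priv, hashlib.sha256(msg).digest())
    k = scalar_from(drbg.random)           # deterministic nonce, as intended
    if blinding_rng is None:
        blind = scalar_from(drbg.random)   # VULNERABLE: fixed by (priv, msg)
    else:
        blind = scalar_from(blinding_rng)  # FIXED: fresh on every operation
    return k, blind


def repeated_signing(priv: int, msg: bytes, times: int, fixed: bool):
    """Sign one message `times` times; return (#distinct k, #distinct blind)."""
    rng = secrets.token_bytes if fixed else None
    pairs = [sign_scalars(priv, msg, rng) for _ in range(times)]
    return len({k for k, _ in pairs}), len({b for _, b in pairs})


if __name__ == "__main__":
    print("vulnerable (distinct k, distinct blind):",
          repeated_signing(TEST_PRIV, b"sample", 5, fixed=False))
    print("fixed      (distinct k, distinct blind):",
          repeated_signing(TEST_PRIV, b"sample", 5, fixed=True))
```

In the vulnerable configuration every repeated signing of `"sample"` produces the same k and the same blinding scalar, so the scalar arithmetic an attacker observes through a side channel is replayed exactly, which is what makes repeated traces of the same signing operation useful. In the fixed configuration k stays deterministic (the RFC 6979 property) while the blinding changes on every call. The k value for the test vector matches RFC 6979 appendix A.2.5, which confirms the DRBG is being driven as the standard specifies.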

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
