Endpoint Vulnerability

Microarchitecture timing vulnerability in ECC scalar multiplication


Severity: LowOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shownto be vulnerable to a microarchitecture timing side channel attack. An attackerwith sufficient access to mount local timing attacks during ECDSA signaturegeneration could recover the private key.This issue does not impact OpenSSL 1.1.1 and is already fixed in the latestversion of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the lowseverity of this issue we are not creating a new release at this time. The 1.0.2mitigation for this issue can be found in commit b18162a7c.OpenSSL 1.1.0 users should upgrade to 1.1.0i.This issue was reported to OpenSSL on 26th October 2018 by Alejandro CabreraAldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.NoteOpenSSL 1.1.0 is currently only receiving security updates. Support for thisversion will end on 11th September 2019. Users of this version should upgrade toOpenSSL 1.1.1.ReferencesURL for this Security Advisory:https://www.openssl.org/news/secadv/20181112.txtNote: the online version of the advisory may be updated with additional detailsover time.For details of OpenSSL severity classifications please see:https://www.openssl.org/policies/secpolicy.html

Affected Products