DerScanner
Home / Vulnerability Database / Python : Insecure RSA implementation (BERserk attack)
Python

Python : Insecure RSA implementation (BERserk attack)

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V8: 8.13.(L1+R/L2+R)
OWASP ASVS
Stored CryptographyStored CryptographyStored CryptographyStored CryptographyStored Cryptography
PCI DSS 4.0
3.6.16.2.48.3.2
HIPAA
§164.312 (a)(2)(iv)
CWE
CWE-1032

Overview

The verify function in the RSA package for Python (Python-RSA) before 3.3 is implemented incorrectly. An attacker can spoof signatures with a small public exponent (e.g., 3) via crafted signature padding (BERserk attack).

In order to protect valuable data, use well tested implementations of standard encryption algorithms with sufficiently long keys.

Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.

References

  1. Vulnerability Summary for CVE-2016-1494
  2. Bleichenbacher’06 Signature Forgery in Python-RSA - blog.filippo.io
  3. RSA implementation in Python - stuvel.eu
  4. OWASP Top 10 2017-A3-Sensitive Data Exposure
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  6. Bleichenbacher’s attack
LOW

DerScanner Severity Score

Do you want to fix Python : Insecure RSA implementation (BERserk attack) in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding