Main Vulnerability Database Vulnerabilities #VU28793

#VU28793 Use of a broken or risky cryptographic algorithm in python-rsa - CVE-2020-13757

Published: June 8, 2020 / Updated: March 7, 2023

Vulnerability identifier: #VU28793

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-13757

CWE-ID: CWE-327

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
python-rsa

Software vendor:
sybrenstuvel

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software does not detect ciphertext modification during decryption (prepended "0" bytes) in PKCS1_v1_5. A remote attacker gain access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://github.com/sybrenstuvel/python-rsa/issues/146
https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30