A vulnerability in the Botan library could allow a local attacker to access sensitive information on a targeted system.
The vulnerability exists because the affected software leaks information related to the high bits of the secret scalar during elliptic-curve cryptography (ECC) key generation, due to the use of an unblinded Montgomery ladder. An attacker could exploit this vulnerability to conduct efficient brute-force attacks on the generated secret key. A successful exploit could allow the attacker to recover sensitive information, which could be used to conduct further attacks.
Randombit has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium
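
The leak described above, shown as an added example (not Botan's code and not part of the advisory): a Montgomery ladder on a toy curve whose loop count follows the scalar's bit length, next to a blinded variant whose loop count follows a random mask instead. The toy curve parameters, the function names, the sample mask and the assumption that loop count is the observable are illustrative choices, not taken from the advisory.

```python
# Added illustration, not Botan code. Toy curve y^2 = x^3 + 2x + 2 over F_17,
# base point G = (5, 1) of prime order N = 19 (textbook-sized, never for real
# use). Assumption: the side channel is the number of ladder iterations.
P_MOD, A, N = 17, 2, 19
G = (5, 1)
INF = None  # point at infinity (group identity)


def add(p, q):
    """Affine point addition; also handles doubling and the identity."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ladder(k, pt):
    """Montgomery ladder; returns (k*pt, loop iterations executed)."""
    r0, r1, steps = INF, pt, 0
    for i in reversed(range(k.bit_length())):  # loop length follows k itself
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
        steps += 1
    return r0, steps


def blinded_ladder(k, pt, mask):
    """Scalar blinding: N*pt is the identity, so (k + mask*N)*pt == k*pt,
    but the loop length now follows the mask instead of k's high bits."""
    return ladder(k + mask * N, pt)


if __name__ == "__main__":
    mask = 0x9A3  # constructed value; a real mask is fresh randomness per call
    for k in (1, 3, 9, 18):
        print(k, ladder(k, G), blinded_ladder(k, G, mask))
```

In the unblinded ladder, a scalar with leading zero bits finishes in fewer iterations, which is the kind of high-bit information the advisory says narrows a brute-force search.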