python-rsaproject python-rsa CVE-2020-25658 vulnerability in Python Rsaproject and Other Products
Published on November 12, 2020

product logo product logo product logo
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-25658 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.


Products Associated with CVE-2020-25658

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25658 are published in these products:

Python Rsaproject Python Rsa
 
Red Hat Openstack Platform
 
Fedora Project Fedora
 

Affected Versions

Sybren A. Stüvel python-rsa Version after 3.0 (inclusive) is affected by CVE-2020-25658

Exploit Probability

EPSS
0.23%
Percentile
45.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.