First published: Fri Jan 13 2017(Updated: )
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Matrixssl Matrixssl | <=3.8.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-8671 is classified as a high-severity vulnerability due to its potential to allow remote attackers to predict the secret key.
To fix CVE-2016-8671, upgrade to MatrixSSL version 3.8.7 or later, which contains the necessary security patches.
CVE-2016-8671 affects MatrixSSL versions 3.8.6 and earlier.
CVE-2016-8671 is a cryptographic vulnerability related to improper modular exponentiation.
Attackers can exploit CVE-2016-8671 by leveraging the flawed pstm_exptmod function to potentially predict the secret key.