Net::Dropbear LibTomCrypt Vulnerability in ECDSA Key Extraction

Vulnerability

A vulnerability exists in Net::Dropbear versions prior to 0.14, in the LibTomCrypt library those releases include. The flaw enables a memory-cache side-channel attack on ECDSA signature generation, known as the Return Of the Hidden Number Problem (ROHNP). An attacker with access to the local machine, or to a different virtual machine on the same physical host, can exploit it to extract ECDSA keys.

Impact

Exploitation of this vulnerability allows the extraction of ECDSA private keys, which an attacker could then use to forge signatures or public certificates.

Reproduction

The vulnerability is present in any Net::Dropbear release prior to 0.14, since those releases include LibTomCrypt version 1.18.1 or earlier. The attack observes memory-cache timing differences while ECDSA signatures are produced and uses them to recover private key information.

Remediation

Users should upgrade to Net::Dropbear version 0.14 or later, which includes a patched LibTomCrypt that is not susceptible to this type of side-channel attack.
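The following is an added example, not part of the advisory or of the Net::Dropbear distribution: a small POSIX shell script that reads the installed module's $VERSION through perl and reports whether it is older than the fixed release 0.14. The function names and the "not-installed" / "vulnerable" / "fixed" labels are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of the advisory): report whether the installed
# Net::Dropbear is older than 0.14, the first release the advisory lists as fixed.

FIXED_VERSION="0.14"

# version_lt A B: succeed when A < B. Net::Dropbear uses CPAN decimal versions
# (0.13, 0.14, ...), so compare them numerically the way Perl does, not as
# dotted components; a "_01" dev-release suffix is dropped by awk's conversion.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !((a + 0) < (b + 0)) }'
}

# Classify a version string as "not-installed", "vulnerable" or "fixed".
check_net_dropbear() {
    installed="$1"
    if [ -z "$installed" ]; then
        echo "not-installed"
    elif version_lt "$installed" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Ask perl for the module's $VERSION; prints nothing if perl or the module is absent.
installed_version() {
    perl -MNet::Dropbear -e 'print $Net::Dropbear::VERSION' 2>/dev/null || true
}

echo "Net::Dropbear: $(check_net_dropbear "$(installed_version)") (fixed in $FIXED_VERSION)"
```

Run it on each host that uses Net::Dropbear and treat "vulnerable" as a pending upgrade. Upgrading closes the timing leak from that point on; it does not undo anything recovered beforehand, so keys that were in use on a host where an untrusted local or co-tenant party could observe signing should be treated as exposed.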

Added: Apr 21, 2026, 4:38 PM
Updated: Apr 21, 2026, 4:38 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          4.2
impact          1.9
exploitability  5.7
remediation     7.7
relevance       6.4
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.