CVE-2020-28498
Cryptographic Issues vulnerability in elliptic


What is CVE-2020-28498 About?

This vulnerability is a Cryptographic Issue in the `elliptic` npm package, specifically in its `secp256k1` implementation, which does not validate that a public key point lies on the curve. This omission can lead to the exposure of the private key used in ECDH operations after a sufficient number of operations. Exploitation is complex, requiring specific conditions and a series of interactions.

Affected Software

elliptic <6.5.4

Technical Details

The `elliptic` npm package, in versions prior to 6.5.4, contains a cryptographic vulnerability within its `secp256k1` implementation, located in `elliptic/ec/key.js`. The `derive` function, which performs Elliptic Curve Diffie-Hellman (ECDH) key derivation, lacks a crucial validation step: it does not verify whether the provided public key point actually lies on the `secp256k1` curve. An attacker could supply malformed public keys that are off-curve points. By performing a series of ECDH operations with such crafted points, an adversary could exploit the mathematical properties of those points to deduce the private key used in the operations.

What is the Impact of CVE-2020-28498?

Successful exploitation may allow attackers to recover private cryptographic keys, compromise secure communications, and impersonate legitimate users or services.

What is the Exploitability of CVE-2020-28498?

Exploitation of this vulnerability is highly complex, requiring an attacker to understand the specifics of ECDH and off-curve point attacks. There are no explicit authentication or privilege requirements, but the attacker must be able to influence or participate in ECDH key exchange operations where the vulnerable `elliptic` library is used. This could be a remote attack if the ECDH operations are exposed. The primary prerequisite is the ability to send malformed public key points to the target. Multiple ECDH operations are typically required to accumulate enough leakage to reconstruct the private key, making it a stateful and potentially time-consuming attack. The specific implementation details of how public keys are handled and validated are critical factors.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2020-28498?

A Fix by Resolved Security Exists!

About the Fix from Resolved Security

The patch checks that the supplied public key is a valid curve point before performing the ECDH derive operation, preventing the use of invalid or malicious points. This fixes CVE-2020-28498 by blocking twist attacks, where an attacker could supply a crafted point to leak private key information during key agreement.
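The check the fix describes, written out as an added example (this is not code from `elliptic` or from the Resolved Security patch): an uncompressed secp256k1 public key is tested against the curve equation before any ECDH routine receives it. `parseUncompressed`, `isOnCurve`, `guardedDerive` and the `deriveFn` callback are hypothetical names, and the sample keys are constructed from the curve's standard generator point.

```javascript
'use strict';

// secp256k1 domain parameters (public constants): y^2 = x^3 + 7 over F_p.
const P = BigInt('0x' + 'FFFFFFFF'.repeat(6) + 'FFFFFFFE' + 'FFFFFC2F');
const B = 7n;

// Constructed sample input: the standard generator G, which is a valid point,
// and the same encoding with the last hex digit of Y altered (off-curve).
const SAMPLE_VALID = '04' +
  '79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798' +
  '483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8';
const SAMPLE_OFF_CURVE = SAMPLE_VALID.slice(0, -1) + '9';

// Parse an uncompressed SEC1 public key (0x04 || X || Y) given as hex.
function parseUncompressed(hex) {
  if (typeof hex !== 'string' || !/^04[0-9a-fA-F]{128}$/.test(hex)) {
    throw new Error('expected a 65-byte uncompressed point');
  }
  return {
    x: BigInt('0x' + hex.slice(2, 66)),
    y: BigInt('0x' + hex.slice(66)),
  };
}

// True only if x and y are field elements that satisfy the curve equation.
// secp256k1 has cofactor 1, so no separate subgroup check is needed, and the
// point at infinity cannot be expressed in this encoding.
function isOnCurve({ x, y }) {
  if (x < 0n || x >= P || y < 0n || y >= P) return false;
  return (y * y) % P === (x * x * x + B) % P;
}

// Hypothetical wrapper: validate the peer key, then hand it to the ECDH
// routine. deriveFn stands in for whatever derive call the application uses.
function guardedDerive(peerHex, deriveFn) {
  const point = parseUncompressed(peerHex);
  if (!isOnCurve(point)) {
    throw new Error('peer public key is not on secp256k1');
  }
  return deriveFn(point);
}
```
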

Available Upgrade Options

  • elliptic
    • <6.5.4 → Upgrade to 6.5.4


Additional Resources

What are Similar Vulnerabilities to CVE-2020-28498?

Similar Vulnerabilities: CVE-2019-14275, CVE-2016-10006, CVE-2016-10007, CVE-2020-13600, CVE-2022-35921