PT-2018-1902 · Python+1 · Pycrypto+1
Pghmcfc · Published 2018-02-03 · Updated 2020-07-31 · CVE-2018-6594
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
PyCrypto versions prior to 2.6.2
Python-crypto (affected versions not specified)
Description
The issue is related to the generation of weak key parameters in the ElGamal implementation. This allows a remote attacker to obtain sensitive information by reading encrypted data, as the implementation does not have semantic security against a ciphertext-only attack. The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
Recommendations
For PyCrypto versions prior to 2.6.2, consider updating to a version that addresses the weak key parameter generation issue.
As a temporary workaround, consider restricting the use of the ElGamal key parameters generation function in lib/Crypto/PublicKey/ElGamal.py until a patch is available.
Exploit
Fix
Inadequate Encryption Strength
Related Identifiers
Affected Products
Pycrypto
Ubuntu