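CVE-2021-41117 PoC: Keypair code issue vulnerability

Source
Related vulnerability
Title: Keypair code issue vulnerability (CVE-2021-41117)
Description: Keypair is an open-source package for generating RSA PEM key pairs in pure JS. Keypair has a code issue vulnerability. The vulnerability stems from. An issue was discovered when this library generated identical RSA keys used in SSH. This would mean the library was generating identical P and Q (and therefore N) values, which in practice should be impossible for RSA-2048 keys. Repeatedly generating the same values usually indicates poor random number generation or poor handling of CSPRNG output. Issue 1: poor random numbers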
Description
Private keys generated with vulnerable keypair versions (CVE-2021-41117)
Introduction
keypair vulnerable keys (CVE-2021-41117)
========================================

Keys generated with versions of the keypair javascript library
vulnerable to CVE-2021-41117.

Due to bugs in the random number generator, this library will
generate certain keys with higher likelihood. The likelihood of
generating one of the keys in this repo with a vulnerable version
is around 70%.


t1
--

t1 contains the 256 most common keys. The likelihood of generating
one of these keys is around 33%.

t2
--

t2 contains 71424 keys that are less common than the keys in t1, but
still appear relatively often. The likelihood of generating one of
these keys is around 37%.
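
A collection like t1 and t2 is typically used to check deployed keys against it. The following is an added example, not part of the original README or the badkeys project, showing one way to do that in Node.js. The SHA-256 fingerprint over the SubjectPublicKeyInfo, the function names, and the runtime-generated stand-in keys are assumptions, since this page does not show how the files in t1 and t2 are laid out.

```javascript
'use strict';
const crypto = require('crypto');

// SHA-256 over the DER-encoded SubjectPublicKeyInfo. createPublicKey() accepts
// a PEM public key or a PEM private key (PKCS#1 or PKCS#8) and always yields
// the public half, so every representation of one key pair gets the same
// fingerprint. (Fingerprint scheme is an assumption of this example.)
function spkiFingerprint(pem) {
  const pub = crypto.createPublicKey(pem);
  const der = pub.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Build the lookup set once from the PEM text of the known-bad private keys.
function buildBlocklist(knownBadPems) {
  return new Set(knownBadPems.map(spkiFingerprint));
}

// Classify one key. Unparseable input is reported, never treated as clean.
function checkKey(pem, blocklist) {
  let fingerprint;
  try {
    fingerprint = spkiFingerprint(pem);
  } catch (err) {
    return { status: 'unparseable', reason: err.message };
  }
  const status = blocklist.has(fingerprint) ? 'known-vulnerable' : 'not-listed';
  return { status, fingerprint };
}

// Constructed sample data: keys generated here stand in for the repo's files.
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
  });
  const bad = gen();   // plays the role of one key from t1 or t2
  const fresh = gen(); // a key that is not in the collection
  const blocklist = buildBlocklist([bad.privateKey]);
  return {
    listedPublic: checkKey(bad.publicKey, blocklist).status,
    fresh: checkKey(fresh.publicKey, blocklist).status,
    garbage: checkKey('not a key', blocklist).status,
  };
}

console.log(demo());
```

A `not-listed` result only means the key is absent from the set that was loaded; by the figures above, roughly 30% of keys from a vulnerable version fall outside this collection.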

misc
----

This collection was created by [Hanno Böck](https://hboeck.de) for the
[badkeys](https://badkeys.info) project.

This work was funded in part by Industriens Fond through the CIDI project
(Cybersecure IOT in Danish Industry) and in part by the
[Center for Information Security and Trust (CISAT)](https://cisat.dk/)
at the IT University of Copenhagen, Denmark.