FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libtomcrypt -- weak signature scheme with ECC keys

Affected packages
libtomcrypt <= 1.02


VuXML ID a78299e7-9ef3-11da-b410-000e0c2e438a
Discovery 2005-05-01
Entry 2006-02-16

The Secure Science Corporation reports that libtomcrypt is vulnerable to a weak signature scheme. This allows an attacker to create a valid random signature and use that to sign arbitrary messages without requiring the private key.