CVE-2021-40528: n/a in n/a
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
AI Analysis
Technical Summary
CVE-2021-40528 is a medium-severity cryptographic vulnerability affecting the ElGamal implementation in Libgcrypt versions prior to 1.9.4. Libgcrypt is a widely used cryptographic library that provides cryptographic building blocks for applications, including OpenPGP implementations. The vulnerability arises from a flaw in how ElGamal encryption is handled during interactions between two cryptographic libraries. Specifically, a dangerous combination of parameters, namely the prime and generator values defined by the receiver's public key together with the sender's ephemeral exponents, can lead to a cross-configuration attack. This attack enables an adversary to recover plaintext from encrypted messages, violating confidentiality. The vulnerability is classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). The CVSS v3.1 base score is 5.9, reflecting a network attack vector with high attack complexity, no privileges required, no user interaction, and a high impact on confidentiality but no impact on integrity or availability. No known exploits have been reported in the wild, and no patches or vendor-specific product details are provided in the source information. The vulnerability primarily affects cryptographic operations in OpenPGP implementations that rely on Libgcrypt's ElGamal encryption, potentially exposing encrypted communications to plaintext recovery when certain parameter combinations occur.
Potential Impact
For European organizations, this vulnerability poses a risk to the confidentiality of sensitive communications and data protected by OpenPGP implementations using vulnerable versions of Libgcrypt. Organizations relying on encrypted email, secure file transfers, or other cryptographic protocols that utilize ElGamal encryption via Libgcrypt could have their encrypted messages decrypted by attackers exploiting this flaw. This could lead to exposure of intellectual property, personal data protected under GDPR, or confidential business communications. The impact is particularly significant for sectors with high confidentiality requirements such as government agencies, financial institutions, healthcare providers, and critical infrastructure operators. While the vulnerability does not affect integrity or availability, the breach of confidentiality alone can have severe regulatory, reputational, and operational consequences. The medium severity score and the lack of known exploits suggest that exploitation may be complex or require specific conditions, but the potential impact on confidentiality warrants prompt attention.
Mitigation Recommendations
European organizations should first identify whether their systems use Libgcrypt versions prior to 1.9.4, especially in applications handling OpenPGP encryption. Immediate mitigation steps include upgrading Libgcrypt to version 1.9.4 or later, where the vulnerability is addressed. If upgrading is not immediately feasible, organizations should consider disabling or avoiding the use of ElGamal encryption within OpenPGP configurations or switching to alternative cryptographic algorithms not affected by this vulnerability. Additionally, organizations should audit cryptographic parameter configurations to avoid the dangerous combinations of primes, generators, and ephemeral exponents that enable the attack. Monitoring cryptographic libraries and applications for updates and applying patches promptly is critical. Finally, organizations should review encrypted communications for potential exposure and consider re-encrypting sensitive data with secure configurations post-patch.
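One way to carry out the first two steps above (find hosts running Libgcrypt before 1.9.4 and find ElGamal keys in OpenPGP keyrings) is shown in this added example; it is not code from the advisory or from the Libgcrypt project. It assumes GnuPG linked against Libgcrypt, so that `gpg --version` reports the library version, and it parses constructed sample output from `gpg --version` and `gpg --list-keys --with-colons`.

```python
"""Inventory check for CVE-2021-40528 exposure (added example, not advisory code).

Parses two things a defender can collect from each host:
  * the 'libgcrypt X.Y.Z' line that `gpg --version` prints when GnuPG is
    linked against Libgcrypt (assumption), and
  * `gpg --list-keys --with-colons` records, where field 4 is the
    public-key algorithm id (16 = ElGamal encrypt-only, 20 = ElGamal
    encrypt-or-sign in OpenPGP) and field 5 is the key id.
"""
import re

FIXED = (1, 9, 4)            # first Libgcrypt release with the fix (per advisory)
ELGAMAL_ALGOS = {16, 20}     # OpenPGP public-key algorithm ids for ElGamal

def parse_libgcrypt_version(gpg_version_output: str):
    """Return (major, minor, patch) from `gpg --version` output, or None."""
    m = re.search(r"^libgcrypt\s+(\d+)\.(\d+)\.(\d+)", gpg_version_output, re.M)
    return tuple(int(x) for x in m.groups()) if m else None

def libgcrypt_vulnerable(version) -> bool:
    """True when the parsed version is older than 1.9.4."""
    return version is not None and version < FIXED

def elgamal_keys(with_colons_output: str):
    """Key ids of pub/sub records whose algorithm is ElGamal."""
    found = []
    for line in with_colons_output.splitlines():
        f = line.split(":")
        if len(f) > 4 and f[0] in ("pub", "sub") and f[3].isdigit() \
                and int(f[3]) in ELGAMAL_ALGOS:
            found.append(f[4])
    return found

def assess(gpg_version_output: str, with_colons_output: str) -> dict:
    """Combine both checks: at risk = vulnerable library AND ElGamal keys present."""
    v = parse_libgcrypt_version(gpg_version_output)
    keys = elgamal_keys(with_colons_output)
    return {"libgcrypt": v, "vulnerable_lib": libgcrypt_vulnerable(v),
            "elgamal_keys": keys, "at_risk": libgcrypt_vulnerable(v) and bool(keys)}

# Constructed sample output (not captured from a real host).
SAMPLE_VERSION = "gpg (GnuPG) 2.2.27\nlibgcrypt 1.8.8\nCopyright (C) 2021 ...\n"
SAMPLE_KEYS = (
    "pub:u:3072:1:0123456789ABCDEF:1600000000:::u:::scESC::::::23::0:\n"
    "sub:u:3072:16:FEDCBA9876543210:1600000000::::::e::::::23:\n"
    "pub:u:256:22:1111111111111111:1600000000:::u:::scESC::::::23::0:\n"
    "sub:u:256:18:2222222222222222:1600000000::::::e::::::23:\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_KEYS))
```

Hosts flagged `at_risk` should be prioritised for the upgrade; hosts with ElGamal keys but a patched library still warrant a review of which peers encrypt to those keys, since the flaw sits on the sender's side.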
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2021-09-06T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68487f5e1b0bd07c3938f3c3
Added to database: 6/10/2025, 6:54:22 PM
Last enriched: 7/10/2025, 8:34:14 PM
Last updated: 8/1/2025, 4:37:07 AM