On the just released CVE from Microsoft/NSA, this explanation looks right:
The bug as per zdnet:
Very apposite comment here: does anyone believe such an insane choice would have survived for long if the library was open source?
It really beggars belief that you would not lock down curve parameters.
Also a funny nuance: one often has to explain to people that the choice of generator in a cyclic group "doesn't matter" (all generators are equivalent) - but crucially that is not the same as saying two different participants in a protocol can use different generators!
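An added illustration of that distinction, not part of the original post, using a toy multiplicative group mod a small prime rather than an elliptic curve (the cyclic-group algebra is the same; all values are constructed): a verifier that lets the presenter of a public key supply the generator cannot bind the key to any secret at all, while a verifier that pins the generator can.

```python
# Constructed toy group: Z_P^* for a small prime P. Not an elliptic curve, but
# the cyclic-group algebra (and the mistake) carries over. Group order is P - 1.
P = 467
ORDER = P - 1          # 466 = 2 * 233

def is_generator(g: int) -> bool:
    """g generates Z_P^* iff g^(ORDER/q) != 1 for every prime q dividing ORDER."""
    return all(pow(g, ORDER // q, P) != 1 for q in (2, 233))

PINNED_G = 2           # the generator the protocol fixes for every participant
assert is_generator(PINNED_G)

def public_key(secret: int, g: int = PINNED_G) -> int:
    """Public key is g^secret; with the pinned g this is the normal key derivation."""
    return pow(g, secret, P)

def verify_unpinned(params: dict, pub: int, exponent: int) -> bool:
    """Flawed check: trusts whatever generator arrives alongside the key.

    This is the 'different participants may use different generators' mistake:
    it only tests that pub is *some* power of *some* generator."""
    return pow(params["g"], exponent, P) == pub

def verify_pinned(params: dict, pub: int, exponent: int) -> bool:
    """Hardened check: anything other than the agreed generator is rejected."""
    if params["g"] != PINNED_G:
        return False
    return pow(PINNED_G, exponent, P) == pub

def generator_for(pub: int, exponent: int) -> int:
    """Why 'all generators are equivalent' cuts both ways.

    For any pub of full order and any exponent coprime to ORDER there is a
    generator g' with g'^exponent == pub, namely g' = pub^(exponent^-1 mod ORDER).
    So a check whose generator the presenter chooses is vacuous."""
    inv = pow(exponent, -1, ORDER)     # modular inverse (Python 3.8+)
    return pow(pub, inv, P)

if __name__ == "__main__":
    pub = public_key(123)                      # honest key, secret 123 never shared
    alt_g = generator_for(pub, 5)              # generator under which pub = alt_g^5
    print("alt_g is a generator:", is_generator(alt_g))
    print("unpinned accepts exponent 5:", verify_unpinned({"g": alt_g}, pub, 5))
    print("pinned accepts exponent 5:", verify_pinned({"g": alt_g}, pub, 5))
```

The unpinned verifier accepts a secret that has nothing to do with the key, which is exactly why group parameters must be fixed by the protocol rather than carried by the data being verified.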