OSVDB ID: 28549 Title: OpenSSL RSA Key PKCS #1 v1.5 Signature Forgery |
Info |
|
|
Dates |
||||
|
|
Description |
OpenSSL contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to an error within the verification of certain signatures, if an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 v1.5 signature signed by that key. It is possible that the flaw may allow bypassing security restrictions resulting in a loss of integrity. |
Classification |
Location:
Remote / Network Access
Attack Type: Authentication Management, Cryptographic Impact: Loss of Integrity Exploit: Exploit Unknown Disclosure: OSVDB Verified |
Solution |
Upgrade to version 0.9.8c, 0.9.7k or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
Credit |
|