Atos SE Information for VU#307015

Infineon RSA library does not properly generate RSA key pairs

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

From SwissSign:

    "Our card manufacturer informed us that the ATOS CardOS 4.x cards and card reading systems used by SwissSign are not affected. The vulnerability mainly affects cards of the CardOS 5.x generation which still under evaluation at SwissSign.

    In addition, there is the possibility for everyone to find out via the link https://keychest.net/roca whether the vulnerability affects the card. If you have any further questions, please do not hesitate to contact us also for a certificate of safety from our card manufacturer."

    If you have feedback, comments, or additional information about this vulnerability, please send us email.