The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media.
CWE-310: Cryptographic Issues - CVE-2017-15361
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. As a result, the keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key.
A remote attacker may be able recover the RSA private key from a victim's public key, if it was generated by the Infineon RSA library.
Apply an update
Replace the device
This vulnerability was disclosed by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.
This document was written by Garret Wassermann.
|Date First Published:||2017-10-16|
|Date Last Updated:||2017-11-08 20:44 UTC|