Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys.
Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys.
OpenSSL is a widely used open source implementation of the SSL and TLS protocols. OpenSSL is based on the SSLeay library. OpenSSL provides support for the RSA encryption algorithm. Note that vendors may include a vulnerable version of OpenSSL in web servers, VPN, or other products.
An attacker could possibly decrypt messages that were encrypted with OpenSSL using RSA algorithm.
Apply a patch
Thanks to Dr. Onur Aciicmez, Samsung Information Systems America, Samsung Electronics R&D Center, USA, and Prof. Werner Schindler, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2007-08-01|
|Date Last Updated:||2007-08-28 14:18 UTC|