[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0928Date: (C)2010-03-05   (M)2023-12-22


OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 1.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
OSVDB-62808
http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/
http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
openssl-fwe-weak-security(56750)

CPE    1
cpe:/a:openssl:openssl:0.9.8i
CWE    1
CWE-310
OVAL    2
oval:org.secpod.oval:def:844
oval:org.secpod.oval:def:2003186

© SecPod Technologies