QwikSec

Security Database

CVE

CWE

Training

CVE-2003-0147

Published: Mar 18, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://www.openssl.org/news/secadv_20030317.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL

mailing-list

x_refsource_BUGTRAQ

APPLE-SA-2003-03-24

vendor-advisory

x_refsource_APPLE

20030317 [ADVISORY] Timing Attack on OpenSSL

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MANDRAKE

http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

oval:org.mitre.oval:def:466

vdb-entry

signature

x_refsource_OVAL

OpenPKG-SA-2003.019

vendor-advisory

x_refsource_OPENPKG

vendor-advisory

x_refsource_GENTOO

IMNX-2003-7+-001-01

vendor-advisory

x_refsource_IMMUNIX

20030327 Immunix Secured OS 7+ openssl update

mailing-list

x_refsource_BUGTRAQ

20030313 Vulnerability in OpenSSL

mailing-list

x_refsource_BUGTRAQ

20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_CONECTIVA

third-party-advisory

x_refsource_CERT-VN

20030313 OpenSSL Private Key Disclosure

mailing-list

x_refsource_VULNWATCH

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.