OpenSSL does not use RSA blinding by default, which allows local and remote malicious users to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Vulnerable Product |
---|
openpkg openpkg 1.2 |
openssl openssl 0.9.6 |
openssl openssl 0.9.6h |
openssl openssl 0.9.6i |
openssl openssl 0.9.7 |
stunnel stunnel 3.15 |
stunnel stunnel 3.16 |
stunnel stunnel 3.7 |
stunnel stunnel 3.8 |
openssl openssl 0.9.6c |
openssl openssl 0.9.6d |
stunnel stunnel 3.11 |
stunnel stunnel 3.12 |
stunnel stunnel 3.19 |
stunnel stunnel 3.20 |
stunnel stunnel 4.01 |
stunnel stunnel 4.02 |
openpkg openpkg |
openpkg openpkg 1.1 |
openssl openssl 0.9.6e |
openssl openssl 0.9.6g |
stunnel stunnel 3.13 |
stunnel stunnel 3.14 |
stunnel stunnel 3.21 |
stunnel stunnel 3.22 |
stunnel stunnel 4.03 |
stunnel stunnel 4.04 |
openssl openssl 0.9.6a |
openssl openssl 0.9.6b |
openssl openssl 0.9.7a |
stunnel stunnel 3.10 |
stunnel stunnel 3.17 |
stunnel stunnel 3.18 |
stunnel stunnel 3.9 |
stunnel stunnel 4.0 |