OpenSSL does not use RSA blinding by default, which allows local and remote malicious users to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Vulnerable Product |
---|
stunnel stunnel 4.02 |
openssl openssl 0.9.6i |
stunnel stunnel 3.7 |
openssl openssl 0.9.6d |
openssl openssl 0.9.6 |
openssl openssl 0.9.6a |
stunnel stunnel 3.14 |
stunnel stunnel 3.22 |
stunnel stunnel 3.18 |
stunnel stunnel 3.20 |
stunnel stunnel 4.04 |
stunnel stunnel 3.15 |
openpkg openpkg 1.1 |
stunnel stunnel 3.11 |
stunnel stunnel 3.8 |
stunnel stunnel 3.21 |
openssl openssl 0.9.6e |
openssl openssl 0.9.7 |
openssl openssl 0.9.6b |
stunnel stunnel 3.13 |
openssl openssl 0.9.6g |
stunnel stunnel 3.17 |
openssl openssl 0.9.6h |
stunnel stunnel 3.10 |
stunnel stunnel 3.16 |
stunnel stunnel 3.9 |
stunnel stunnel 3.12 |
openssl openssl 0.9.7a |
openssl openssl 0.9.6c |
openpkg openpkg 1.2 |
stunnel stunnel 4.0 |
openpkg openpkg |
stunnel stunnel 4.01 |
stunnel stunnel 4.03 |
stunnel stunnel 3.19 |