A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opencryptoki project opencryptoki |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux 9.0 |