CVE-2004-2682 - CERT CVE
ID CVE-2004-2682
Sažetak PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.
Reference
CVSS
Base: 5.8
Impact: 4.9
Exploitability:8.6
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:N/C:P/I:P/A:N
Zadnje važnije ažuriranje 05-09-2008 - 20:44
Objavljeno 31-12-2004 - 05:00