CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
94.7%
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
Vendor | Product | Version | CPE |
---|---|---|---|
ssh | tectia_client | * | cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:* |
ssh | tectia_connector | * | cpe:2.3:a:ssh:tectia_connector:*:*:*:*:*:*:*:* |
ssh | tectia_manager | * | cpe:2.3:a:ssh:tectia_manager:*:*:*:*:*:*:*:* |
ssh | tectia_server | * | cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:* |