A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
CPE | Name | Operator | Version |
---|---|---|---|
opencryptoki | lt | 3.23.0 | |
enterprise_linux | eq | 8.0 | |
enterprise_linux | eq | 9.0 |