2 matches found
gnutls: timing side-channel in the RSA-PSK authentication
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...