3 matches found
CVE-2018-9426
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...
SSL Certificate Contains Weak RSA Key (Infineon TPM / ROCA)
At least one of the X.509 certificates sent by the remote host has an RSA key that appears to be generated improperly, most likely by a TPM Trusted Platform Module produced by Infineon Technologies. A third party may be able to recover the private key from the certificate's public key. This may...
CVE-2015-0204
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...