4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
29.0%
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II
Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain
signature calculations, and does not verify the signature before providing
it to a caller, which makes it easier for physically proximate attackers to
determine the private key via a modified supply voltage for the
microprocessor, related to a “fault-based attack.”
Author | Note |
---|---|
kees | if someone is glitching your powersupply, you’ve got other things to worry about. |