Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability
Information
Severity
Severity
Medium
Family
Family
Privilege escalation
CVSSv2 Base
CVSSv2 Base
4.3
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Solution Type
Solution Type
Vendor Patch
Created
Created
14 years ago
Modified
Modified
5 years ago
Summary
This host is installed with OpenSC and is prone to an insecure key generation vulnerability.
Insight
Insight
Security issues are due to, - a tool that starts a key generation with public exponent set to 1, an invalid value that causes an insecure RSA key. - a PKCS#11 module that accepts that this public exponent and forwards it to the card. - a card that accepts the public exponent and generates the rsa key.
Affected Software
Affected Software
OpenSC version prior to 0.11.8 on Linux.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to OpenSC version 0.11.8 or later.