Journal prostoalex's Journal: OpenSSL security compromised with forged signatures
OpenSSL security can be compromised by forging digital signatures, according to a Bell Labs researcher. The article quotes OpenSSL advisory: "If an RSA key with exponent 3 is used, it may be possible to forge a PKCS #1 v1.5 signature signed by that key. Since there are (certificate authorities) using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable."
OpenSSL security compromised with forged signatures More Login
OpenSSL security compromised with forged signatures
Slashdot Top Deals