prostoalex's Journal: OpenSSL security compromised with forged signatures

OpenSSL security can be compromised by forging digital signatures, according to a Bell Labs researcher. The article quotes OpenSSL advisory: "If an RSA key with exponent 3 is used, it may be possible to forge a PKCS #1 v1.5 signature signed by that key. Since there are (certificate authorities) using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable."