7.5
CVE-2009-1603
- EPSS 1.09%
- Veröffentlicht 11.05.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:37
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensc-project ≫ Opensc Version0.11.7
Fedoraproject ≫ Fedora Version9
Fedoraproject ≫ Fedora Version10
Fedoraproject ≫ Fedora Version11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.09% | 0.61 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
http://secunia.com/advisories/36074
http://security.gentoo.org/glsa/glsa-200908-01.xml
http://secunia.com/advisories/35035
http://secunia.com/advisories/35293
http://secunia.com/advisories/35309
http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
http://www.openwall.com/lists/oss-security/2009/05/08/1
http://www.vupen.com/english/advisories/2009/1295
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html