Jason Waddle

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.7 through 0.9.7j OpenSSL versions 0.9.8 through 0.9.8b Description: The issue allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by an RSA key with exponent 3, preventing OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. This could lead to unauthorized access to certificate-protected resources. The vulnerability affects PKCS #1 v1.5 signatures if the exponent of the public key is 3, which is widely used by Certificate Authorities. An attacker will likely exploit this vulnerability to forge signatures without the secret key. Recommendations: For OpenSSL versions 0.9.7 through 0.9.7j, update to version 0.9.7k or later. For OpenSSL versions 0.9.8 through 0.9.8b, update to version 0.9.8c or later. As a temporary workaround, consider restricting the use of RSA keys with exponent 3 until a patch is available.