PT-2021-11999 · Relic · Relic

One-W01F

Published

2021-04-07

Updated

2022-07-12

CVE-2020-36315

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: RELIC versions prior to 2020-08-01

Description: The issue allows RSA PKCS#1 v1.5 signature forgery due to inadequate checks of the padding and the first two bytes. This requires a low public exponent, such as 3, which is not the default for generated RSA keys.

Recommendations: For versions prior to 2020-08-01, consider updating to a version released after 2020-08-01 to resolve the issue. As a temporary workaround, avoid using low public exponents, such as 3, for RSA keys.

Exploit

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2020-36315

Affected Products

Relic

PT-2021-11999 · Relic · Relic

CVE-2020-36315

Weakness Enumeration

Related Identifiers

Affected Products

References · 7