PT-2022-3152 · Rambus · Rambus Safezone Basic Crypto Module
Hanno Böck · Published 2022-02-28 · Updated 2024-10-07 · CVE-2022-26320
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Rambus SafeZone Basic Crypto Module versions prior to 10.4.0
Description
The module generates RSA keys that can be broken with Fermat's factorization method, which allows the private RSA key to be calculated efficiently from the public key of a TLS certificate. The cause is the use of insufficiently random values in the CLS PK KeyGenMT() function of the Rambus SafeZone Basic Crypto Module.
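An added example (not part of the original advisory and not Rambus code): a bounded Fermat check for auditing RSA moduli, which flags keys whose two prime factors lie close together, the property that makes Fermat's method succeed. The function names, the round limit of 100 and the sample moduli are assumptions constructed for illustration.

```python
from math import isqrt

def fermat_weak(n, max_rounds=100):
    """Return (p, q) if Fermat's method factors n within max_rounds, else None."""
    if n < 3 or n % 2 == 0:
        raise ValueError("expected an odd RSA modulus")
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    for _ in range(max_rounds):
        b2 = a * a - n              # n = a^2 - b^2 = (a - b)(a + b)
        b = isqrt(b2)
        if b * b == b2:             # perfect square: factors are a - b and a + b
            return a - b, a + b
        a += 1
    return None                     # factors are not close; key passes this check

def _is_probable_prime(m):
    """Miller-Rabin with fixed bases; used only to build the sample moduli."""
    if m < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if m % s == 0:
            return m == s
    d, r = m - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for base in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(base, d, m)
        if x in (1, m - 1):
            continue
        for _ in range(r - 1):
            x = x * x % m
            if x == m - 1:
                break
        else:
            return False
    return True

def _next_prime(m):
    m |= 1
    while not _is_probable_prime(m):
        m += 2
    return m

# Constructed sample moduli (not real keys): 1024-bit n from two 512-bit primes.
P = _next_prime(2**511 + 2**300)
WEAK_N = P * _next_prime(P + 2**200)     # factors differ only below bit ~200
STRONG_N = P * _next_prime(3 * 2**510)   # factors differ in their top bits
```

To audit a deployed certificate, pass the modulus from its public key to `fermat_weak`; any non-`None` result means the key should be replaced.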
Recommendations
For Rambus SafeZone Basic Crypto Module versions prior to 10.4.0, update to version 10.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CLS PK KeyGenMT() function until a patch is available. Avoid using the affected module to generate RSA keys for TLS certificates until the issue is resolved.
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Rambus Safezone Basic Crypto Module