CVE-2009-1603

HIGH

OpenSC 0.11.7 - Cleartext Storage of Sensitive Information via RSA Key Generation


Description

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.

References (13)

Core References
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1295
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35293
Mailing List, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/05/08/1
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36074
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:123
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35035
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200908-01.xml
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35309

Scores

CVSS v3: 7.5
EPSS: 0.0109
EPSS Percentile: 61.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-312
Status: published
Products (4):
fedoraproject/fedora 9
fedoraproject/fedora 10
fedoraproject/fedora 11
opensc-project/opensc 0.11.7
Published: May 11, 2009
Tracked Since: Feb 18, 2026