Vulnerability Note VU#307015
Infineon RSA library does not properly generate RSA key pairs
Overview
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media.
Description
CWE-310: Cryptographic Issues - CVE-2017-15361 The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. As a result, the keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key. |
Impact
A remote attacker may be able recover the RSA private key from a victim's public key, if it was generated by the Infineon RSA library. |
Solution
Apply an update |
Replace the device |
Vendor Information (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Atos SE | Affected | 24 Oct 2017 | 24 Oct 2017 |
Dell | Affected | 19 Oct 2017 | 24 Oct 2017 |
Fujitsu | Affected | 16 Oct 2017 | 16 Oct 2017 |
Gemalto AV | Affected | 18 Oct 2017 | 02 Nov 2017 |
Affected | 16 Oct 2017 | 16 Oct 2017 | |
Hewlett Packard Enterprise | Affected | 16 Oct 2017 | 16 Oct 2017 |
Infineon Technologies AG | Affected | 16 Oct 2017 | 24 Oct 2017 |
Lenovo | Affected | 16 Oct 2017 | 16 Oct 2017 |
Microsoft Corporation | Affected | 16 Oct 2017 | 16 Oct 2017 |
Rubrik | Affected | 24 Oct 2017 | 24 Oct 2017 |
Taglio LLC | Affected | - | 02 Nov 2017 |
WinMagic | Affected | 16 Oct 2017 | 16 Oct 2017 |
Yubico | Affected | 16 Oct 2017 | 16 Oct 2017 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | 8.8 | AV:N/AC:M/Au:N/C:C/I:C/A:N |
Temporal | 6.9 | E:POC/RL:OF/RC:C |
Environmental | 6.9 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- https://crocs.fi.muni.cz/public/papers/rsa_ccs17
- https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf
- https://github.com/crocs-muni/roca
- https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- https://blog.cr.yp.to/20171105-infineon.html
- http://cwe.mitre.org/data/definitions/310.html
Credit
This vulnerability was disclosed by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.
This document was written by Garret Wassermann.
Other Information
- CVE IDs: CVE-2017-15361
- Date Public: 16 Oct 2017
- Date First Published: 16 Oct 2017
- Date Last Updated: 08 Nov 2017
- Document Revision: 59
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.