Overview
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library.
Description
CWE-310: Cryptographic Issues - CVE-2017-15361
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. As a result, the keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key.
Note that only RSA key generation is impacted. ECC is unaffected. RSA keys generated by other devices/libraries may also be used safely with this library.
Trusted Platform Modules (TPM) or smartcards may use this RSA library in their products. Infineon has provided a partial list of impacted vendors in a security advisory. Please see our list of impacted vendors below.
The researcher has released a summary of the work. Full details are expected at the ACM CCS conference in November 2017.
Impact
A remote attacker may be able recover the RSA private key from a victim's public key, if it was generated by the Infineon RSA library.
Solution
Apply an update
Check with your device manufacturer for information on firmware updates. A partial list of affected vendors is below.
Alternatively, affected users may use the following workarounds:
Replace the device
Consider replacing the vulnerable device with a non-impacted device.
Generate a new RSA or ECC key pair
ECC keys are not impacted by this vulnerability. Affected users should consider generating a new ECC key pair to replace the vulnerable RSA key pair.
Alternatively, if RSA keys are required, affected users may generate an RSA key pair using different method (e.g., OpenSSL) and then use the new secure RSA key pair with the old device. Only RSA key generation is impacted, not use of secure keys.
4096-bit RSA keys generated by the Infineon library are not known to be practically factorizable at current publication time, but affected users should not rely on this property for the long-term future.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Fujitsu | Affected | 16 Oct 2017 | 16 Oct 2017 |
| Affected | 16 Oct 2017 | 16 Oct 2017 | |
| Hewlett Packard Enterprise | Affected | 16 Oct 2017 | 16 Oct 2017 |
| Infineon Technologies AG | Affected | - | 16 Oct 2017 |
| Lenovo | Affected | 16 Oct 2017 | 16 Oct 2017 |
| Microsoft Corporation | Affected | 16 Oct 2017 | 16 Oct 2017 |
| WinMagic | Affected | 16 Oct 2017 | 16 Oct 2017 |
| Yubico | Affected | 16 Oct 2017 | 16 Oct 2017 |
References
- https://crocs.fi.muni.cz/public/papers/rsa_ccs17
- https://github.com/crocs-muni/roca
- https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- http://cwe.mitre.org/data/definitions/310.html
'취약점 정보2' 카테고리의 다른 글
| TPLINK WPA2 Security (KRACKs) Vulnerability Statement (0) | 2017.10.19 |
|---|---|
| Adobe Security Bulletin (0) | 2017.10.18 |
| wpa2 wifi 취약점 (0) | 2017.10.17 |
| Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse (0) | 2017.10.16 |
| iptime 펌웨어 업데이트 안내 (0) | 2017.10.14 |