In association with heise online

06 September 2006, 11:50

OpenSSL signatures can be forged

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

OpenSSL may fail to detect forged digital signatures under certain conditions due to an error in the implementation. The flaw affects all systems that use the OpenSSL library, and in particular servers secured with SSL/TLS and VPNs based on SSL/TLS. OpenSSL versions 0.9.7k and 0.9.8c have eliminated the vulnerability.

The security notice from the OpenSSL team states that attacks are only possible if a Certificate Authority (CA) uses an RSA key with the Exponent 3 for X.509 certificates. It does not note how one can determine this concretely, however, and the advisory acknowledges that this kind of key is quite common. An attacker could forge a signature that is admitted as correct, since the OpenSSL implementation does not check whether the RSA signature contains superfluous data. All users should therefore upgrade to the new version. OpenSSL is also releasing patches for versions 0.9.6, 0.9.7, 0.9.8 and 0.9.9 as an alternative.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit