Vulnerabilities > CVE-2004-2682 - Cross-Site Scripting vulnerability in MatrixSSL

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

peersec-networks

NVD

Published: 2004-12-31

Updated: 2008-09-05

Summary

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.

Vulnerable Configurations

Part	Description	Count
Application	Peersec_Networks Peersec Networks Matrixssl *	1

References

http://www.matrixssl.org/archives/000075.html