Vulnerabilities > CVE-2004-2682 - Unspecified vulnerability in Peersec Networks Matrixssl

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

peersec-networks

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.

Vulnerable Configurations

Part	Description	Count
Application	Peersec_Networks Peersec Networks Matrixssl *	1

References

http://www.matrixssl.org/archives/000075.html
http://www.matrixssl.org/archives/000075.html