Security Advisory—VShell®, SecureCRT® and SecureFX®

It is theoretically possible for an attacker to forge RSA signatures when the RSA key has a public exponent of three.

Posted: January 18, 2007

Description

According to CERT Vulnerability Note VU#845620, "Many RSA implementations may fail to properly verify signatures. Specifically, the verifier may incorrectly parse PKCS-1 padded signatures, ignoring data at the end of a signature. If this data is ignored and a RSA key with a public exponent of three is used, it may be possible to forge the signing key's signature."

VShell, SecureCRT, and SecureFX no longer generate keys with a public exponent of three. VShell has an option that disallows keys with a public exponent of three from being used for authentication. SecureCRT and SecureFX warn before a key with a public exponent of three is used for authentication or accepted from a host.
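The same exponent check can be applied to public keys already on disk. The following is an added example, not VanDyke code: it parses OpenSSH-format `ssh-rsa` public key lines (RFC 4253 encoding) and reports every key whose public exponent is 3. It assumes lines of the form `ssh-rsa <base64> <comment>` with no options prefix; the function names are hypothetical and the sample keys are constructed placeholders.

```python
import base64
import struct

def _read_field(buf, off):
    """Read one length-prefixed field (RFC 4253 string/mpint encoding)."""
    (size,) = struct.unpack_from(">I", buf, off)  # struct.error if truncated
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_public_exponent(line):
    """Return e for an 'ssh-rsa' public key line, None for other key types."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return None
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_field(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the line")
    e_bytes, off = _read_field(blob, off)
    _modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected data after the modulus")
    return int.from_bytes(e_bytes, "big")

def audit(lines):
    """Return (line number, comment) for each RSA key with exponent 3."""
    hits = []
    for num, line in enumerate(lines, 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if rsa_public_exponent(line) == 3:
            hits.append((num, " ".join(fields[2:])))
    return hits

def _sample(e, comment):
    """Constructed test line; the modulus is a placeholder, not a real key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint((1 << 2047) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = ["# constructed input", _sample(3, "old@host"), _sample(65537, "new@host")]

if __name__ == "__main__":
    for num, comment in audit(SAMPLE):
        print(f"line {num}: RSA public exponent is 3 ({comment})")
```

Keys reported by `audit` are candidates for regeneration with a larger public exponent.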