BSA-2017-474
21649
23 December 2018
17 November 2017
Closed
Medium
5.9
N/A
CVE-2017-15361
Summary
Security Advisory ID : BSA-2017-474
Component : Infineon RSA Library
Revision : 2.0: Final
The Infineon RSA library version 1.02.013 in Infineon Trusted Platform Module (TPM) firmware mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. The keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key.
Note that only RSA key generation is impacted. ECC is unaffected. RSA keys generated by other devices/libraries may also be used safely with this library.
Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | November 17, 2017 |
2.0 | Updated to Fibre Channel only | December 23, 2018 |