vulnerability

ROCA: Vulnerable RSA generation from Infineon TPM (CVE-2017-15361)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Oct 16, 2017	Nov 2, 2017	Dec 1, 2017

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Oct 16, 2017

Added

Nov 2, 2017

Modified

Dec 1, 2017

Description

The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. As a result, the keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key.

This is also known as Return of Coppersmith's Attack (ROCA)

Solution

infineon-tpm-cve-2017-15361

References

CVE-2017-15361
https://attackerkb.com/topics/CVE-2017-15361
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report