RSA Key Generation Vulnerability Affecting Trusted Platform

Abstract: A vulnerability in a cryptographic library used to generate Rivest-Shamir-Adleman (RSA) encryption keys was recently disclosed. The vulnerability allows recovery of a private key when only possessing a public key. The vulnerable library is included in the firmware of specific Infineon® Trusted Platform Modules (TPM) present in systems produced by a number of Original Equipment Manufacturers (OEM) commonly used in the Department of Defense (DoD). Much of the published guidance focuses on Windows® but the vulnerability is not in Windows®. All systems and devices that include or use the vulnerable library are affected.

Date Published:

Last Reviewed: 24 October 2017

Identifier: IAA U/OO/801084-17

Dissemination Control: N/A

Length: 1 page(s)

Format: pdf

Type: Advisory/Alert; IA Technical Advisory

Tags: Advisory; Vulnerability; cryptographic library; RSA SecurID; Encryption; Key; Trusted Platform Module; Original Equipment Manufacturer (OEM)