Infineon RSA library Security Bypass vulnerability (ROCA)
Original Issue Date: October 18, 2017
Severity Rating: High
- Infineon RSA library v1.02.013 and prior
- Infineon Trusted Platform Module firmware
- Any products using the affected code library "RSA Library version v1.02.013" developed by Infineon Technologies.
- Keys generated with smartcards or embedded devices using the Infineon library
- Devices certified by NIST FIPS 140-2 & CC EAL 5+
A vulnerability has been reported in Infineon RSA library, which could allow an attacker to recover the RSA private key corresponding to an RSA public key generated by the library.
The vulnerability exists in an implementation of RSA key generation due to improper handling of RSA keypair generation by the affected firmware.
Successful exploitation of this vulnerability allows a remote attacker to compute an RSA private key from the value of a public key, within a practical amount of time frame. The private key can then be misused for purposes of impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures and other related attacks.
Apply appropriate updates as mentioned by various vendors after appropriate testing. Users may get in touch with the vendors for updates.
- Apply the software update if available.
- Replace the device with one without the vulnerable library.
- Generate a secure RSA keypair outside the device (e.g., via the OpenSSL library) and import it to the device.
- Use other cryptographic algorithm such as ECC instead of RSA on affected devices.
- Apply additional risk management within the environment, if the RSA key in use is detected as vulnerable.
- Use key lengths which are not currently impacted (>2048-bits)
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003