{"id":"CVE-2009-1603","details":"src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.","modified":"2025-08-09T19:01:29Z","published":"2009-05-11T16:30:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/35035"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35293"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35309"},{"type":"ADVISORY","url":"http://secunia.com/advisories/36074"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200908-01.xml"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/1295"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2009/05/08/1"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"},{"type":"WEB","url":"http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}