What is the severity of CVE-2010-0928?

CVE-2010-0928 is considered a medium severity vulnerability due to the risk it poses from physically proximate attackers.

How do I mitigate CVE-2010-0928?

To mitigate CVE-2010-0928, upgrade OpenSSL to a version that resolves this vulnerability, starting with versions later than 0.9.8i.

What does CVE-2010-0928 affect?

CVE-2010-0928 affects OpenSSL 0.9.8i running on the Gaisler Research LEON3 SoC and Xilinx Virtex-II Pro FPGA.

What type of attack is enabled by CVE-2010-0928?

CVE-2010-0928 enables attacks that could exploit improper signature verification, potentially leading to unauthorized access.

Is CVE-2010-0928 still a concern today?

While CVE-2010-0928 is an older vulnerability, it remains a concern for legacy systems still using OpenSSL 0.9.8i.

Vulnerability/
CVE-2010-0928

medium

CWE

310

5/3/2010

7/8/2024

CVE-2010-0928

First published: Fri Mar 05 2010(Updated: )

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
OpenSSL libcrypto	=0.9.8i
Gaisler Leon3 SoC
Xilinx Virtex-II Pro FPGA

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0928?
CVE-2010-0928 is considered a medium severity vulnerability due to the risk it poses from physically proximate attackers.
How do I mitigate CVE-2010-0928?
To mitigate CVE-2010-0928, upgrade OpenSSL to a version that resolves this vulnerability, starting with versions later than 0.9.8i.
What does CVE-2010-0928 affect?
CVE-2010-0928 affects OpenSSL 0.9.8i running on the Gaisler Research LEON3 SoC and Xilinx Virtex-II Pro FPGA.
What type of attack is enabled by CVE-2010-0928?
CVE-2010-0928 enables attacks that could exploit improper signature verification, potentially leading to unauthorized access.
Is CVE-2010-0928 still a concern today?
While CVE-2010-0928 is an older vulnerability, it remains a concern for legacy systems still using OpenSSL 0.9.8i.

collector/nvd-historical
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
vendor/openssl
canonical/openssl libcrypto
version/openssl libcrypto/0.9.8i
vendor/gaisler
canonical/gaisler leon3 soc
vendor/xilinx
canonical/xilinx virtex-ii pro fpga

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.