CVE-2003-0147 — MEDIUM severity vulnerability (OpenSSL does not use RSA blinding by default, which allows l)
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and norm
| CVE ID | CVE-2003-0147 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 5.0 |
| CVSS vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2003-03-31 |
| Last modified | 2026-04-16 |
| Description | OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →