Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0928 to the following vulnerability: Name: CVE-2010-0928 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0928 Assigned: 20100305 Reference: MISC: http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf Reference: MISC: http://www.networkworld.com/news/2010/030410-rsa-security-attack.html OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
CVE-2010-0928 describes a fault-based attack on OpenSSL where an attacker has precise control over the target system environment in order to be able to introduce faults through power supply manipulation. The Red Hat Security Response Team has rated this issue as having low security impact, as the attack is not a viable threat to OpenSSL as used in Red Hat products.