MatrixSSL CVE-2004-2682 Cross-Site Scripting Vulnerability

MatrixSSL is prone to a cross-site scripting vulnerability. PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.
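The missing mitigation named above, RSA blinding, is shown here as an added example; it is not MatrixSSL code. The key is a constructed toy key and all function names are hypothetical. Python's `pow` is not constant-time, so the example demonstrates only the blinding step.

```python
import secrets
from math import gcd

# Constructed toy key built from two known Mersenne primes (illustration only,
# far too small for real use). All names below are hypothetical.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def private_op_unblinded(c):
    """Textbook c^d mod n: the exponentiation runs directly on the
    caller-supplied value, so reduction timing tracks the chosen input."""
    return pow(c, D, N)


def blind(c):
    """Pick a fresh random r coprime to n.
    Returns (c * r^e mod n, r^-1 mod n)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (c * pow(r, E, N)) % N, pow(r, -1, N)


def private_op_blinded(c):
    """RSA private operation with base blinding.

    (c * r^e)^d = c^d * r (mod n), so multiplying by r^-1 recovers c^d.
    The value entering the modular exponentiation is unknown to the caller,
    so timing variation in the reductions no longer tracks the input the
    caller selected.
    """
    blinded, r_inv = blind(c % N)
    return (pow(blinded, D, N) * r_inv) % N


if __name__ == "__main__":
    m = 123456789                      # constructed sample plaintext
    c = pow(m, E, N)
    print(private_op_blinded(c) == m)  # same result as the unblinded path
    print(blind(c)[0], blind(c)[0])    # base differs on every call
```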


 

Copyright 2010, SecurityFocus