iidaの日記: CVE-2022-26320 Fermat attack
フェルマ法で素因数分解できるRSA公開モジュラス(法)の鍵を生成するプリンタがあり、ウェブ・サーバーとしても機能するらしい。
この脆弱性にCVE-2022-26320という名前が割り当てられたようだ。
脆弱そうな鍵でCSRを作ってみたら、見た目が楽しい。
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = jp, ST = st, L = l, O = o, CN = example.jp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:89:ab:cd:f0:12:34:56:78:9a:bc:df:01:23:45:
67:2e:13:e4:e7:f4:a0:59:12:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:fe:dc:ba:98:76:54:32:
0f:ed:cb:a9:87:65:43:20:77:96:18:e1:a8:76:70:
bb:a3
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
3d:78:77:62:e2:69:2f:a3:d3:66:b2:45:00:c7:c7:41:dc:09:
44:ba:9a:1a:69:3d:2f:75:7c:18:0c:47:98:f8:b3:6f:87:8f:
53:ba:85:5b:7a:db:fe:61:8e:94:88:a7:77:77:13:1a:ad:0b:
f4:88:8c:63:7e:28:41:61:93:53:aa:b3:bb:bf:15:c3:ab:9b:
a1:00:e6:f0:4c:1f:8a:46:c9:a9:cc:71:30:7d:1e:6e:66:9f:
9b:b8:b1:7f:18:6b:b4:44:ab:6f:cf:ac:b7:cb:b6:f6:5c:10:
dc:8f:0a:64:a1:c8:42:cc:e3:38:0a:48:2b:ca:60:6c:44:37:
b7:c5:f4:f1:f9:d1:b3:13:dd:91:da:97:c2:9f:93:f3:43:ba:
83:1e:93:0d:63:55:6e:28:88:13:2b:af:72:5b:21:e3:75:57:
06:44:e5:d8:c4:c2:bb:37:82:69:9d:54:da:45:1e:a5:b8:86:
58:dc:df:12:fc:0d:cc:5c:a1:01:90:79:47:79:36:2a:2a:72:
9b:1b:af:11:fa:ee:d1:42:f0:b8:f0:9c:70:05:6e:cb:ca:32:
5a:8c:68:46:46:20:6d:44:c3:9f:cf:21:24:31:ff:94:f2:c7:
c6:78:b7:44:87:19:74:03:69:a3:f5:99:b9:56:46:83:37:9d:
c6:20:16:1f
-----BEGIN CERTIFICATE REQUEST-----
MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCanAxCzAJBgNVBAgMAnN0MQowCAYDVQQH
DAFsMQowCAYDVQQKDAFvMRMwEQYDVQQDDApleGFtcGxlLmpwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiavN8BI0VniavN8BI0VniavN8BI0VniavN8B
I0VniavN8BI0VniavN8BI0VniavN8BI0VniavN8BI0VniavN8BI0VniavN8BI0Vn
iavN8BI0VniavN8BI0VniavN8BI0VniavN8BI0VniavN8BI0VniavN8BI0VnLhPk
5/SgWRLcuph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VD
IP7cuph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VDIP7c
uph2VDIP7cuph2VDIP7cuph2VDIP7cuph2VDIHeWGOGodnC7owIDAQABoAAwDQYJ
KoZIhvcNAQELBQADggEBAD14d2LiaS+j02ayRQDHx0HcCUS6mhppPS91fBgMR5j4
s2+Hj1O6hVt62/5hjpSIp3d3ExqtC/SIjGN+KEFhk1Oqs7u/FcOrm6EA5vBMH4pG
yanMcTB9Hm5mn5u4sX8Ya7REq2/PrLfLtvZcENyPCmShyELM4zgKSCvKYGxEN7fF
9PH50bMT3ZHal8Kfk/NDuoMekw1jVW4oiBMrr3JbIeN1VwZE5djEwrs3gmmdVNpF
HqW4hljc3xL8DcxcoQGQeUd5NioqcpsbrxH67tFC8LjwnHAFbsvKMlqMaEZGIG1E
w5/PISQx/5Tyx8Z4t0SHGXQDaaP1mblWRoM3ncYgFh8=
-----END CERTIFICATE REQUEST-----
CVE-2022-26320 Fermat attack More ログイン