Oberon PSA Crypto Library RSA-OAEP Padding Vulnerability

Vulnerability

A vulnerability exists in Oberon microsystems AG's Oberon PSA Crypto library in all versions prior to 1.5.1. The library incorrectly uses an all-zero seed for RSA-OAEP padding instead of freshly generated random bytes. This flaw makes RSA encryption deterministic, which allows guessable messages to be intercepted and repeated messages to be recognized, and undermines security proofs.

Impact

The vulnerability results in a loss of confidentiality for guessable messages, allowing them to be intercepted and recognized when repeated.

Remediation

Users are advised to upgrade to Oberon PSA Crypto version 1.5.1 or later, where this vulnerability has been addressed.

Added: Aug 29, 2025, 10:16 AM
Updated: Aug 29, 2025, 10:16 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.