CVE-2010-0928 in OpenSSL
Summary
by MITRE
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/01/2026
The vulnerability identified as CVE-2010-0928 represents a critical security flaw in the OpenSSL implementation running on Gaisler Research LEON3 System-on-Chip hardware deployed on Xilinx Virtex-II Pro Field-Programmable Gate Arrays. This issue stems from the implementation of a Fixed Width Exponentiation algorithm specifically designed for signature calculations within the cryptographic operations. The fundamental weakness lies in the absence of proper signature verification mechanisms before the cryptographic results are returned to calling applications. This design oversight creates a significant attack surface that can be exploited by adversaries with physical proximity to the target system, particularly those capable of manipulating the power supply conditions of the microprocessor.
The technical exploitation of this vulnerability relies on fault injection attacks that leverage modified supply voltage conditions to induce computational errors during the cryptographic signature verification process. When the FWE algorithm executes under abnormal voltage conditions, it produces incorrect results that can be analyzed to extract information about the private key components. This attack methodology aligns with the fault-based attack category and demonstrates how physical proximity attacks can compromise cryptographic security. The vulnerability specifically targets the mathematical operations involved in RSA signature calculations, where the fixed width exponentiation algorithm's deterministic nature makes it susceptible to error analysis when power conditions are manipulated. The attack exploits the fact that without proper signature verification, the system accepts and returns faulty cryptographic results that contain exploitable information about the underlying private key structure.
The operational impact of this vulnerability extends beyond simple cryptographic compromise, as it represents a fundamental failure in the security architecture of embedded systems that rely on hardware-specific cryptographic implementations. Systems deployed in environments where physical access or proximity can be achieved by adversaries pose significant risk, particularly in critical infrastructure, industrial control systems, or military applications where such hardware platforms are commonly deployed. The vulnerability essentially transforms a computational security model into a physical security weakness, where the attacker's ability to manipulate voltage levels provides a direct path to private key recovery. This type of attack is particularly concerning because it operates at the hardware level, bypassing traditional software-based security measures and requiring physical presence or access to the target platform.
Mitigation strategies for CVE-2010-0928 must address both the immediate implementation flaw and the broader security posture of embedded cryptographic systems. The primary recommendation involves implementing proper signature verification mechanisms that validate cryptographic results before returning them to calling applications, which directly addresses the core weakness in the OpenSSL implementation. Additionally, system designers should consider implementing power analysis countermeasures and voltage monitoring systems to detect anomalous conditions that could indicate fault injection attacks. The solution also requires updates to the cryptographic library implementation to either replace the vulnerable FWE algorithm with a more robust variant or incorporate proper error handling and verification procedures. From an operational security perspective, organizations should implement physical security controls to limit access to systems running vulnerable hardware, particularly in environments where adversaries might be able to manipulate power supply conditions. This vulnerability demonstrates the importance of considering side-channel and fault injection attack vectors during the design phase of embedded cryptographic systems, aligning with the principles outlined in the CWE taxonomy for fault injection attacks and the ATT&CK framework's coverage of physical security compromises. The incident underscores the necessity of comprehensive security testing that includes hardware-level attack scenarios rather than focusing solely on software-based vulnerabilities.