Vulnerability in Infineon's RSA library

Vulnerability in Infineon's RSA library

Reference: CVE-2017-15361
Version: 1.0


The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. The library is used within Trusted Platform Modules (TPM) and smartcards.

Belgian identity cards are not affected by this vulnerability.


An up-to-date overview of affected vendors can be found on:

The researchers of the vulnerability have published on- and offline tools to verify if your generated RSA key pair is affected:


The RSA private key may be recovered from a victim's public key, by a remote attacker, if the key pair was generated by the Infineon RSA library version 1.02.013.

The vulnerability itself has not yet been disclosed publicly and it is not known to be abused publicly yet.

Recommended Actions

Affected users should check with their manufacturer for firmware updates.

For Windows it is recommended to apply both the September 2017 and October 2017 Security Updates before applying the firmware update.