Zyxel not affected by “RSA-CRT Key Leaks”

 

A recently uncovered vulnerability identified in advisory CVE-2015-5738 known as the “RSA-CRT Key Leaks” exposes a weakness of the Perfect Forward Secrecy (PFS) implementations in the Transport Layer Security (TLS) protocol used to encrypt web communications. The vulnerability could cause HTTPS websites to reveal their private keys and allow unauthorized users to impersonate the HTTPS websites.


Zyxel is well aware of the situation and assures customers that Zyxel products are not affected as the third-party processors used in Zyxel products employ a custom version of OpenSSL with RSA-CRT hardening applied to prevent the vulnerability from happening.

 

Please contact your local sales or service representative if you require further assistance.