CVE-2011-4121
Description
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ruby's OpenSSL extension (Git trunk 2011-09-01 to 2011-11-03) used a fixed RSA exponent of 1 during private key generation, enabling integrity bypass.
Vulnerability
The OpenSSL extension in Ruby's Git trunk, from version after 2011-09-01 up to 2011-11-03, always set the RSA exponent value to 1 when generating private keys [1][2][4]. This occurred regardless of the intended strength or configuration for RSA key generation, affecting any application relying on the extension to produce strong private RSA keys.
Exploitation
A remote attacker could exploit this vulnerability without authentication simply by triggering private RSA key generation during a protocol handshake or cryptographic operation [1][2]. No special network position or race condition is required; the exponent is systematically set to 1, making any resultant key immediately weak.
Impact
Successful exploitation allows the attacker to bypass or corrupt the integrity of services that depend on strong private RSA keys [1][4]. The effective compromise depends on the service's reliance on the key's security, potentially leading to impersonation, decryption of communications, or signature forgery. The attacker gains no code execution but undermines the cryptographic trust model.
Mitigation
Fixed versions are not explicitly listed in the references; however, the vulnerability window is limited to the Git trunk releases between 2011-09-01 and 2011-11-03. Users were advised to update to a later trunk revision or stable release that corrected the exponent generation [2][4]. No CISA KEV listing is known for this CVE. If using an affected version, regenerate all RSA keys with a fixed version immediately.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- OpenSSL/OpenSSL extension of Ruby (Git trunk)v5Range: versions after 2011-09-01 up to 2011-11-03
Patches
15dd304276ba5Change key generation seq
1 file changed · +1 −1
salt/crypt.py+1 −1 modified@@ -47,7 +47,7 @@ def gen_keys(keydir, keyname, keysize, user=None): priv = '{0}.pem'.format(base) pub = '{0}.pub'.format(base) - gen = RSA.gen_key(keysize, 1, callback=lambda x, y, z: None) + gen = RSA.gen_key(keysize, 65537, callback=lambda x, y, z: None) cumask = os.umask(191) gen.save_key(priv, None) os.umask(cumask)
Vulnerability mechanics
Root cause
"Hardcoded RSA exponent of 1 in key generation makes the generated keys cryptographically worthless."
Attack vector
An attacker can exploit the fact that the RSA private key is generated with exponent `1` instead of a proper public exponent (e.g., 65537). With exponent `1`, the encryption operation is trivially broken — any ciphertext equals the plaintext modulo n, so the key provides no cryptographic integrity or confidentiality. A remote attacker who can observe or interact with services relying on these keys (e.g., Salt master-minion authentication) can bypass integrity checks or decrypt traffic without needing the private key [patch_id=2243778].
Affected code
The vulnerability is in `salt/crypt.py` in the `gen_keys` function. The call `RSA.gen_key(keysize, 1, callback=lambda x, y, z: None)` passes a hardcoded exponent of `1` for RSA key generation [patch_id=2243778].
What the fix does
The patch changes the exponent argument from `1` to `65537` in the `RSA.gen_key()` call inside `salt/crypt.py` [patch_id=2243778]. The value `65537` (0x10001) is the standard, recommended public exponent for RSA; it ensures that the encryption and signature operations are cryptographically sound. Using exponent `1` made the generated keys completely insecure because RSA with `e=1` degenerates to the identity function — the patch closes this by using a proper exponent.
Preconditions
- configThe target service must be using Salt (the affected version) and generating RSA keys via the vulnerable gen_keys function.
- networkThe attacker must have network access to a service that relies on the integrity or confidentiality of the generated RSA keys.
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- www.openwall.com/lists/oss-security/2013/07/01/1mitrex_refsource_MISC
- access.redhat.com/security/cve/cve-2011-4121mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security-tracker.debian.org/tracker/CVE-2011-4121mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.