Discovered by: Daniel Bleichenbacher
When the RSA keypair had a public exponent of 3, a common implementation error in the PCKS1.5 encoding of X.509 Certificates could be abused to forge signatures from that key. A number of trusted root certificate authorities used 3 for a public exponent and several common SSL implementations including OpenSSL and Firefox were vulnerable to this attack opening up users to SSL interception, phishing, and forged client certificate authentication.