SpiderSales shopping card contains a flaw that may lead to an unauthorized information disclosure. The shopping cart does not enforce a minimum length for the private key, while the maximum length of the modulus 'n' is 20 bits. This makes it easy for an attacker to factor n into p and q to obtain the private key d. The private key is also stored in the same table as the public key. In conclusion, attackers may easily obtain the private key by factoring. The end result is a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.