> Factoring RSA Keys With TLS Perfect Forward Secrecy
> Florian Weimer
> Red Hat Product Security
> September 2015

[...]

> 3.4.2
> 
> Accidental factors of a corrupted public key
> 
> We observed one rather peculiar factorization of a
> RSA modulus, involving factor 23. What happened
> was that the public key in the X.509 certificate was
> corrupted in some (there was a bit flip, according to
> the server operator), and equation (1) accidentally
> revealed the factor 23.

Please kindly observe proper citation practice. Phuctor observed, refer to it as such.

See also http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/