Vulnerabilities

Being:
M - plaintext message
N = p*q = primus number 1 * primus number 2
When encrypting with low encryption exponents (e.g.e=3) and small values of the M, (i.e. m < n^(1/e) ) the result of M^e is strictly less than the modulus n. In this case, ciphertexts can be easily decrypted by taking the th root of the ciphertext over the integers.
Because RSA encryption is a deterministic encryption algorithm (i.e., has no random component) an attacker can successfully launch a chosen plaintext attack against the cryptosystem, by encrypting likely plaintexts under the public key and test if they are equal to the ciphertext. A cryptosystem is called semantically secure if an attacker cannot distinguish two encryptions from each other even if the attacker knows (or has chosen) the corresponding plaintexts. As described above, RSA without padding is not semantically secure.

Wiener’s attack:
Uses the continued fraction method to exploit a mistake made in the use of RSA. This error could be exploited when users are doing transactions using credit card or mobile devices such as phones. The public-key cryptosystem RSA is frequently used for security applications such as email, credit card payments, login network access and so on.