D. Boneh, A. Joux, and Q. Nguyen showed that textbook RSA is susceptible to meet-in-the-middle attacks. Given , the following conditions must hold for the attack to be feasible:
rsa-meet-in-middle.c and rsa-meet-in-middle-parallelized.c are sample implementations in C and depend on GMP.
[1] Boneh, Dan, Antoine Joux, and Phong Q. Nguyen. "Why textbook ElGamal and RSA encryption are insecure." International Conference on the Theory and Application of Cryptology and Information Security. Springer, Berlin, Heidelberg, 2000. https://doi.org/10.1007/3-540-44448-3_3