[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1624Date: (C)2013-02-08   (M)2023-12-22


The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-57716
SECUNIA-57719
RHSA-2014:0371
RHSA-2014:0372
http://openwall.com/lists/oss-security/2013/02/05/24
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

CPE    47
cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41
cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40
cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34
cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33
...
CWE    1
CWE-310

© SecPod Technologies