Vigil@nce - OpenSSL: information disclosure in CBC mode, Lucky 13
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can inject invalid encrypted messages into a TLS/DTLS
session in CBC mode, and measure the delay before the error
message is received, in order to progressively guess the cleartext
content of the session.
Impacted products: Debian, OpenSSL, Slackware
Severity: 1/4
Creation date: 12/02/2013
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-12374 (https://vigilance.fr/tree/1/12374)
describes a vulnerability in TLS/DTLS.
For OpenSSL, the solution VIGILANCE-SOL-28668
(https://vigilance.fr/tree/2/28668) corrected this vulnerability.
However, this solution was not complete.
An attacker can therefore still inject invalid encrypted messages into
a TLS/DTLS session in CBC mode, and measure the delay before the
error message is received, in order to progressively guess the
cleartext content of the session.
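The bulletin only concerns TLS/DTLS sessions in CBC mode, so a first check on an affected host is which enabled cipher suites are CBC suites. The following Python code is an added example, not part of the Vigil@nce bulletin or of OpenSSL: it classifies lines in the format printed by `openssl ciphers -v` (also the `description` field of Python's `ssl.SSLContext.get_ciphers()`). The function names are hypothetical, the sample lines are constructed, and it assumes every non-AEAD suite whose `Enc=` is not `None`, `RC4` or `GOST89` uses CBC.

```python
import re
import ssl

# Enc= values that are not CBC block ciphers (assumption of this example:
# RC4 is a stream cipher, None is no encryption, GOST89 suites use a counter mode).
NON_CBC_ENC = {"None", "RC4", "GOST89"}
FIELD = re.compile(r"(Enc|Mac)=(\S+)")


def is_cbc_suite(description):
    """True if an `openssl ciphers -v` style line describes a CBC-mode suite."""
    fields = dict(FIELD.findall(description))
    enc = fields.get("Enc", "").split("(")[0]  # "AES(128)" -> "AES"
    mac = fields.get("Mac", "")
    if not enc or not mac:
        raise ValueError("no Enc=/Mac= fields in: %r" % description)
    # AEAD suites (GCM, CCM, ChaCha20-Poly1305) have no separate record MAC
    # and are not CBC suites.
    if mac == "AEAD":
        return False
    return enc not in NON_CBC_ENC


def cbc_suites(descriptions):
    """Return the suite names (first column) of the CBC-mode entries."""
    return [d.split()[0] for d in descriptions if d.strip() and is_cbc_suite(d)]


def local_cbc_suites(context=None):
    """CBC suites enabled in a Python ssl context backed by the local OpenSSL."""
    context = context or ssl.create_default_context()
    return cbc_suites(c["description"] for c in context.get_ciphers())


# Constructed sample input in `openssl ciphers -v` format.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1",
    "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1",
    "RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1",
    "ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA "
    "Enc=CHACHA20/POLY1305(256) Mac=AEAD",
]

if __name__ == "__main__":
    print("CBC suites in sample:", cbc_suites(SAMPLE))
    print("CBC suites enabled locally:", local_cbc_suites())
```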
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-information-disclosure-in-CBC-mode-Lucky-13-12394