Vigil@nce: GnuTLS, OpenSSL, data reading via DTLS and CBC
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an exchange uses DTLS encryption in CBC mode, an attacker
can partially retrieve plain text fragments.
– Severity: 1/4
– Creation date: 09/01/2012
IMPACTED PRODUCTS
– OpenSSL
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The DTLS (Datagram Transport Layer Security) protocol, based on
TLS, provides a cryptographic layer over the UDP protocol.
In CBC mode, an attacker can measure timing differences in the
decryption computation in order to retrieve clear text.
When an exchange uses DTLS encryption in CBC mode, an attacker
can therefore partially retrieve plain text fragments.
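The following is an added illustration, not code from the bulletin, OpenSSL or GnuTLS. It assumes one common source of such a timing difference, a record check that rejects bad padding before computing the MAC, and shows it beside a hardened check that always does the same MAC work. The record layout is simplified (HMAC-SHA256 over the payload only), all names and sample values are constructed, and the count of MAC computations stands in for elapsed time.

```python
import hashlib
import hmac
MAC_LEN = 32   # HMAC-SHA256 tag length
mac_calls = 0  # counts MAC computations: a deterministic stand-in for elapsed time

def _mac(key, data):
    global mac_calls
    mac_calls += 1
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key, payload, block=16):
    """Constructed record plaintext: payload || MAC || TLS-style padding."""
    body = payload + _mac(key, payload)
    n = (block - (len(body) + 1) % block) % block
    return body + bytes([n]) * (n + 1)

def open_leaky(key, rec):
    """Rejects bad padding before the MAC, so a padding failure does less work."""
    n = rec[-1]
    if n + 1 + MAC_LEN > len(rec) or rec[-(n + 1):] != bytes([n]) * (n + 1):
        return None  # early exit: no MAC computed
    payload, tag = rec[:-(n + 1) - MAC_LEN], rec[-(n + 1) - MAC_LEN:-(n + 1)]
    return payload if _mac(key, payload) == tag else None

def open_hardened(key, rec):
    """Always computes the MAC and reports one combined failure."""
    if len(rec) < MAC_LEN + 1:  # record length is public, so this branch is safe
        return None
    n = rec[-1]
    in_range = n + 1 + MAC_LEN <= len(rec)
    diff = 0
    for b in rec[len(rec) - 1 - (n if in_range else 0):]:
        diff |= b ^ n  # accumulate mismatches, no early break
    pad_ok = in_range and diff == 0
    end = len(rec) - 1 - (n if pad_ok else 0)  # bad padding: treat as zero-length
    payload, tag = rec[:end - MAC_LEN], rec[end - MAC_LEN:end]
    mac_ok = hmac.compare_digest(_mac(key, payload), tag)
    return payload if (pad_ok and mac_ok) else None

def mac_work(opener, key, rec):
    """Number of MAC computations a single call to opener performs."""
    before = mac_calls
    opener(key, rec)
    return mac_calls - before

KEY = b"constructed-demo-key"                  # constructed sample values
GOOD = seal(KEY, b"hello dtls")
BAD_PAD = GOOD[:-1] + bytes([GOOD[-1] ^ 1])   # last padding byte corrupted
BAD_MAC = bytes([GOOD[0] ^ 1]) + GOOD[1:]     # payload corrupted, padding intact
```

With the leaky check, `mac_work` differs between `BAD_PAD` and `BAD_MAC`, which is the observable difference; with the hardened check both cost one MAC. Python itself gives no constant-time guarantee, so this models the control-flow difference only.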
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GnuTLS-OpenSSL-data-reading-via-DTLS-and-CBC-11262