


Category:   Application (Security)  >   RSA BSAFE Crypto-C Vendors:   RSA
(RSA Issues Fix for BSAFE SSL-C) OpenSSL TLS/DTLS CBC Mode Oracle Padding Lets Remote Users Recover Plaintext
SecurityTracker Alert ID:  1028689
SecurityTracker URL:
CVE Reference:   CVE-2013-0169
Date:  Jun 20 2013
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 2.8.7
Description:   A vulnerability was reported in OpenSSL. A remote user can recover plaintext in certain cases. RSA BSAFE SSL-C is affected.

A remote user with the ability to conduct a man-in-the-middle attack against TLS or DTLS protected connections can recover the original plaintext when CBC-mode encryption is used.

A user with low-latency access to the target server's network can send specially crafted encrypted data and measure the response timing to determine the plaintext contents of the data. For certain message lengths where the HMAC-SHA1 MAC algorithm is used, TLS messages containing at least two bytes of correct padding are processed slightly faster than TLS messages containing one byte of correct padding or padding that is incorrectly formatted. The difference arises because the MAC is computed over fewer bytes when more padding is stripped, and at these lengths the MAC input crosses a SHA-1 block boundary, so one fewer compression-function call is made. By analyzing the timing variations over a large number of connections, the original plaintext can be determined.

This attack is known as the 'Lucky Thirteen' attack.

The vulnerability resides in the TLS/DTLS protocol specification rather than in the specific OpenSSL implementation. Many other implementations are affected.
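The following is an added example, not code from the advisory or from OpenSSL or RSA. It models the mechanism behind the timing difference described above: a TLS 1.1/1.2 MAC-then-encrypt record with HMAC-SHA1, a 64-byte decrypted record, and the 13-byte MAC header (sequence number, type, version, length). Instead of measuring time, it counts SHA-1 compression-function calls, which is what the "slightly faster" processing comes down to. The three records and the simplified constant-time variant are constructed for illustration; the real OpenSSL fix is more elaborate than the `constant_time_check` shape shown here.

```python
"""Added example: why the pre-fix padding check leaks via SHA-1 compression count.

Model: TLS 1.1/1.2 MAC-then-encrypt, HMAC-SHA1, a 64-byte decrypted record
(after CBC decryption and IV removal). All records below are constructed.
"""
import math

MAC_LEN = 20          # HMAC-SHA1 tag length
TLS_HDR_LEN = 13      # seq(8) || type(1) || version(2) || length(2): the "thirteen"
SHA1_BLOCK = 64       # SHA-1 compresses 64-byte blocks
SHA1_MD_PAD = 9       # minimum Merkle-Damgard padding: 0x80 byte + 64-bit length


def sha1_compressions(nbytes: int) -> int:
    """Compression-function calls needed to hash nbytes: ceil((n + 9) / 64)."""
    return math.ceil((nbytes + SHA1_MD_PAD) / SHA1_BLOCK)


def hmac_sha1_compressions(msg_len: int) -> int:
    """Inner hash: ipad block (64) + message. Outer hash: opad block (64) + 20-byte digest."""
    inner = sha1_compressions(SHA1_BLOCK + msg_len)
    outer = sha1_compressions(SHA1_BLOCK + MAC_LEN)   # constant (2), independent of message
    return inner + outer


def check_padding(plain: bytes):
    """TLS 1.1+ padding: last byte p, and the final p+1 bytes all equal p.
    Returns the number of padding bytes (p + 1), or None if malformed."""
    p = plain[-1]
    if p + 1 + MAC_LEN > len(plain):
        return None
    if any(b != p for b in plain[-(p + 1):]):
        return None
    return p + 1


def leaky_decrypt_check(plain: bytes):
    """Pre-fix behaviour: malformed padding is treated as zero-length padding so
    the MAC is still computed (and later fails). Returns (padding_ok, compressions).
    The compression count is the side channel: it depends on how much padding
    was stripped, and for a 64-byte record the 2-byte case saves one call."""
    pad = check_padding(plain)
    if pad is None:
        data_len = len(plain) - MAC_LEN          # bad padding: MAC over everything but the tag
        ok = False
    else:
        data_len = len(plain) - pad - MAC_LEN    # good padding: strip it, then the tag
        ok = True
    return ok, hmac_sha1_compressions(TLS_HDR_LEN + data_len)


def constant_time_check(plain: bytes):
    """Simplified mitigation shape (assumption, not OpenSSL's actual code): always pay
    for the largest possible MAC input, so the count no longer depends on padding."""
    pad = check_padding(plain)
    data_len_max = len(plain) - MAC_LEN          # as if padding were zero-length
    return pad is not None, hmac_sha1_compressions(TLS_HDR_LEN + data_len_max)


def make_record(pad_bytes: bytes, total: int = 64) -> bytes:
    """Constructed decrypted record: filler || 20-byte placeholder tag || padding."""
    body = bytes(total - MAC_LEN - len(pad_bytes))
    return body + b"\xaa" * MAC_LEN + pad_bytes


RECORD_ONE_BYTE_PAD = make_record(b"\x00")       # valid: one byte of padding
RECORD_TWO_BYTE_PAD = make_record(b"\x01\x01")   # valid: two bytes of padding
RECORD_BAD_PAD = make_record(b"\x07\x01")        # malformed: 0x07 where 0x01 is required

if __name__ == "__main__":
    for name, rec in (("1-byte pad", RECORD_ONE_BYTE_PAD),
                      ("2-byte pad", RECORD_TWO_BYTE_PAD),
                      ("bad pad   ", RECORD_BAD_PAD)):
        ok, n_leaky = leaky_decrypt_check(rec)
        _, n_fixed = constant_time_check(rec)
        print(f"{name}: padding_ok={ok!s:5} leaky={n_leaky} compressions, fixed={n_fixed}")
```

With a 64-byte record, one byte of valid padding and malformed padding both leave a MAC input (13 + 43 or 13 + 44 bytes) that spills into a third inner SHA-1 block, while two bytes of valid padding (13 + 42 = 55 bytes) fits into two. That single extra compression call, repeated over many connections, is the signal the attack measures; the constant-time variant makes all three cases cost the same.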

The original advisory is available at:

Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London, reported this vulnerability.

Impact:   A remote user can recover plaintext.
Solution:   RSA has issued a fix for RSA BSAFE SSL-C (2.8.7).

RSA has issued advisory ESA-2013-045.

Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Feb 5 2013 OpenSSL TLS/DTLS CBC Mode Oracle Padding Lets Remote Users Recover Plaintext

