Side-Channel Attack Against SSL Implementations

vendor:

N/A

by:

SecurityFocus

7.5

CVSS

HIGH

Side-Channel Attack

N/A

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: It is not known if other implementations are vulnerable to this or similar weaknesses. It should be noted that this attack is reportedly difficult to exploit and requires that the adversary be a man-in-the-middle.

2002

Side-Channel Attack Against SSL Implementations

A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by vulnerable implementations is reportedly sufficient for an adaptive attack that will ultimately obtain plaintext of a target block of ciphertext.

Mitigation:

The information loss was reduced in OpenSSL versions 0.9.6i and 0.9.7a.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6884/info

A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by vulnerable implementations is reportedly sufficient for an adaptive attack that will ultimately obtain plaintext of a target block of ciphertext.

The information loss was reduced in OpenSSL versions 0.9.6i and 0.9.7a. It is not known if other implementations are vulnerable to this or similar weaknesses.

*It should be noted that this attack is reportedly difficult to exploit and requires that the adversary be a man-in-the-middle. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22264.tar.gz