QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1623

Published: Feb 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

x_refsource_MISC

[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

http://www.yassl.com/yaSSL/Blog/Entries/2013/2/5_WolfSSL%2C_provider_of_CyaSSL_Embedded_SSL%2C_releases_first_embedded_TLS_and_DTLS_protocol_fix_for_Lucky_Thirteen_Attack.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.