The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.

Author | Note |
---|---|
jdstrand | This is a protocol problem not specific to openssl. Using openssl as a placeholder until more information is available. Marking low for now until more information is available. At present, naive attacks need tens to hundreds of millions of TLS connections. Optimized attacks are not present yet. Marking deferred since there is no consensus on what to do (we can’t just disable RC4). |
mdeslaur | Marking as ignored since there is no actionable item. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 25.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | firefox | < 25.0.1+build1-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | firefox | < 25.0.1+build1-0ubuntu0.13.04.1 | UNKNOWN |
ubuntu | 13.10 | noarch | firefox | < 25.0.1+build1-0ubuntu0.13.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.13.04.1 | UNKNOWN |
ubuntu | 13.10 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.13.10.1 | UNKNOWN |

blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
cr.yp.to/talks/2013.03.12/slides.pdf
www.isg.rhul.ac.uk/tls/
www.mozilla.org/security/announce/2013/mfsa2013-103.html
launchpad.net/bugs/cve/CVE-2013-2566
nvd.nist.gov/vuln/detail/CVE-2013-2566
security-tracker.debian.org/tracker/CVE-2013-2566
ubuntu.com/security/notices/USN-2031-1
ubuntu.com/security/notices/USN-2032-1
www.cve.org/CVERecord?id=CVE-2013-2566