40 matches found
OPENSUSE-SU-2024:0201-1 Security update for Botan
This update for Botan fixes the following issues: Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607 CVE-2024-39312 - boo1227608 Fix a crash in OCB Fix a test failure in compression with certain versions o...
Observable timing discrepancy
Overview Overview Affected versions of jose are vulnerable to a Padding Oracle Attack due to Observable Timing Discrepancy. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...
GHSA-4V4G-726H-XVFV Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...
GHSA-94HH-PJJG-RWMR Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime
Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...
GHSA-58F5-HFQC-JGCH Padding Oracle Attack due to Observable Timing Discrepancy in jose
jose is an npm library providing a number of cryptographic operations. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly...
Padding Oracle Attack
jose-node-cjs-runtime is vulnerable to padding oracle attack. The vulnerability exists as decryption did not fail as soon as hmac verification fails, allowing timing information to be measured by running the CBC decryption with various padding length...
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29445
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
Design/Logic Flaw
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29446 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29445 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29443 Padding Oracle Attack due to Observable Timing Discrepancy in jose
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...
Updated mbedtls packages fix security vulnerabilities
mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...
Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS
Manuel Pégourié-Gonnard reports: When decrypting/authenticating DTLS record in a connection using a CBC ciphersuite without the Encrypt-then-Mac extension RFC 7366, Mbed TLS used dummy rounds of the compression function associated with the hash used for HMAC in order to hide the length of the...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...
SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...