
3242 matches found

RedHat Linux
added 2003/03/28 1:43 p.m., 6 views

security flaw

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...

CVSS 5, AI score 7.4, EPSS 0.06393
Exploits: 0, References: 4
CERT
added 2003/03/25 12:0 a.m., 91 views

Cryptographic libraries and applications do not adequately defend against timing attacks

Overview: Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency...

AI score 9.2
Exploits: 0, References: 10
securityvulns
added 2003/03/22 12:0 a.m., 33 views

Open SSL timing attack

Because of timing difference it's possible to distinguish between bad padding and a MAC verification error. It's also possible to recover RSA secret...

AI score 4.1
Exploits: 0, References: 4, Affected Software: 2
FreeBSD Advisory
added 2003/03/21 12:0 a.m., 6 views

FreeBSD-SA-03:06.openssl

FreeBSD-SA-03:06.openssl Security Advisory, The FreeBSD Project. Topic: OpenSSL timing-based SSL/TLS attack. Category: crypto. Module: openssl. Announced: 2003-03-21. Credits:...

AI score 5.7
Exploits: 0
RedHat Linux
added 2003/03/18 11:1 a.m., 13 views

Important: Red Hat Security Advisory: apache, openssl, php security update for Stronghold

Updated versions of Stronghold 3.0 are available to fix a number of vulnerabilities in OpenSSL, Apache, and PHP. Stronghold 3.0 contains a number of open source technologies such as OpenSSL, Apache, and PHP. The following paragraphs describe a number of issues that have been found in versions of...

CVSS 7.5, AI score 7.2, EPSS 0.17413
Exploits: 8, References: 2
Debian CVE
added 2003/03/18 5:0 a.m., 32 views

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...

CVSS 5, AI score 8.6, EPSS 0.06393
Exploits: 0
securityvulns
added 2003/03/18 12:0 a.m., 53 views

[ADVISORY] Timing Attack on OpenSSL

OpenSSL v0.9.7a and 0.9.6i vulnerability: Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. Typically, it will not have been, because it is not easily possible to do so...

CVSS 5, AI score 3, EPSS 0.06393
Exploits: 0
securityvulns
added 2003/03/16 12:0 a.m., 27 views

QPopper timing attack

Different timing intervals are used for error messages in case of wrong username and wrong password...

AI score 2
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2003/03/10 3:18 p.m., 33 views

Moderate: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003: Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/...

CVSS 5, AI score 7.2, EPSS 0.13718
Exploits: 0, References: 3
RedHat Linux
added 2003/03/06 3:10 p.m., 8 views

Moderate: Red Hat Security Advisory: Updated OpenSSL packages fix timing attack

Updated OpenSSL packages are available that fix a potential timing-based attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose...

CVSS 5, AI score 7.2, EPSS 0.13718
Exploits: 0, References: 1
RedHat Linux
added 2003/03/03 9:16 a.m., 1 views

security flaw

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

CVSS 5, AI score 7.3, EPSS 0.13718
Exploits: 0, References: 4
RedHat Linux
added 2003/03/03 9:16 a.m., 10 views

Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold

Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for mod_proxy and the mod_authz_ldap package. Stronghold 4 cross platform contains a number of open source technologies suc...

CVSS 7.5, AI score 7, EPSS 0.13718
Exploits: 7, References: 4
NVD
added 2003/03/03 5:0 a.m., 19 views

CVE-2003-0078

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

CVSS 5, AI score 6, EPSS 0.13718
Exploits: 0, References: 20
OSV
added 2003/03/03 5:0 a.m., 1 views

DEBIAN-CVE-2003-0078

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

CVSS 5, AI score 9.2, EPSS 0.13718
Exploits: 0, References: 1
OSV
added 2003/03/03 5:0 a.m., 10 views

CVE-2003-0078

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

AI score 6
Exploits: 0, References: 24
FreeBSD Advisory
added 2003/02/24 12:0 a.m., 4 views

FreeBSD-SA-03:02.openssl

FreeBSD-SA-03:02.openssl Security Advisory, The FreeBSD Project. Topic: OpenSSL timing-based SSL/TLS attack. Category: core. Module: openssl. Announced: 2003-02-25. Credits: Brice...

AI score 5.8
Exploits: 0
OSV
added 2003/02/24 12:0 a.m., 25 views

DSA-253 openssl - information leak

Bulletin has no description...

CVSS 5, AI score 8.4, EPSS 0.13718
Exploits: 0
Tenable Nessus
added 2003/02/20 12:0 a.m., 55 views

OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities

According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of th...

CVSS 7.5, AI score 8.2, EPSS 0.13718
Exploits: 0, References: 5
OpenSSL
added 2003/02/19 12:0 a.m., 35 views

Vulnerability in OpenSSL CVE-2003-0078

ssl3_get_record in s3_pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading...

AI score 9.2, EPSS 0.13718
Exploits: 0, Affected Software: 1
securityvulns
added 2003/02/19 12:0 a.m., 47 views

OpenSSL 0.9.7a and 0.9.6i released

From the changelog: Security fix: Vaudenay timing attack on CBC + In ssl3getrecord ssl/s3pkt.c, minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker h...

CVSS 5, AI score 9.2, EPSS 0.13718
Exploits: 0