5 matches found

Cvelist
added 2024/05/09 12:0 a.m., 47 views

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

6.6 AI score, 0.00901 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/05/09 12:0 a.m., 42 views

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

7.2 AI score, 0.00901 EPSS
Exploits: 0, References: 4

Cvelist
added 2019/10/24 1:53 p.m., 25 views

CVE-2019-15703

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual...

7.5 AI score, 0.00996 EPSS
Exploits: 0, References: 1

CVE
added 2019/10/24 1:53 p.m., 91 views

CVE-2019-15703

Fortinet FortiOS is affected by CVE-2019-15703 where insufficient entropy in the PRNG (DRBG) can theoretically allow recovery of a long-term ECDSA secret in a TLS client with RSA handshake and mutual ECDSA authentication, via flush+reload side-channel attacks in FortiGate VM models only. The vuln...

7.5 CVSS, 7.5 AI score, 0.00996 EPSS
Exploits: 0, References: 1, Affected Software: 1

ThreatPost
added 2014/03/04 2:45 p.m., 16 views

Triple Handshake TLS Attacks Target Resumption, Renegotiation

A team of researchers has published a paper that explains a number of attacks against websites and Web-based applications running TLS. The researchers’ techniques do not exploit implementation errors, the most common attack vector against encryption securing online communication, instead focus on...

0.7 AI score
Exploits: 0, References: 1