Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:27684
HistoryOct 28, 2020 - 1:01 a.m.

Insecure RSA Decryption (Bleichenbacher Timing Vulnerability)

2020-10-2801:01:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
cryptography
rsa
decryption
bleichenbacher
timing
vulnerability
pkcs#1v1.5
software

EPSS

0.001

Percentile

44.7%

cryptography is using insecure RSA Decryption and is vulnerable to Bleichenbacher Timing Vulnerability. When RSA decryption is used in online scenarios, it does not use RSA PKCS#1v1.5 decryption with constant time, allowing an attacker to passively record traffic and later decrypt it.