Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:3568
HistoryFeb 10, 2017 - 5:59 a.m.

Timing Attacks

2017-02-1005:59:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

OpenSSL is vulnerable to timing attacks. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2 doesn’t check MAC addresses in constant time during the processing of a malformed CBC padding. This is also known as the “Lucky Thirteen” issue.

CPENameOperatorVersion
openssleq1.0.1
openssleq1.0.0

References

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N