|
OpenSSL RSA blinding attack
|
|
Secunia Advisory:
|
SA8330
|
|
|
Release Date:
|
2003-03-19
|
|
Last Update:
|
2003-04-11
|
|
Popularity:
|
11,213 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | OpenSSL 0.9.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
OpenSSL has been found vulnerable to a timing attack, which has been proven to be a feasible way to recover the RSA secret from systems running OpenSSL.
The problem is that various queries takes different amounts of processing time, this information can be used to guess the private key.
The attacks has been proven feasible over LANs and high speed internet connections. It is required that the load on the server is low and that the network load is low so that an attacker can measure the time differences.
This attack only requires 300.000 to 1.400.000 queries to the ssl server.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
