GNUTLS-SA-2023-10-23, CVE-2023-5981: timing sidechannel in RSA-PSK key exchange

Open Source Security 

Posted by Alan Coopersmith on Nov 20

https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 reports:

A vulnerability was found that the response times to malformed ciphertexts in
RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct
PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was
reported in the issue tracker as https://gitlab.com/gnutls/gnutls/-/issues/1511
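
The conventional countermeasure for this class of PKCS#1 v1.5 timing leak, as an added example (not GnuTLS's code or its fix, and not part of the original post): the padding check and the choice between the decrypted secret and a pre-generated random fallback run without secret-dependent branches. The function names, the fixed-length secret and the 64-byte sample block are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 0xFF if x == 0, else 0x00, with no data-dependent branch. */
static uint8_t ct_is_zero(uint8_t x)
{
    return (uint8_t)(((uint32_t)x - 1u) >> 24);
}

/*
 * em/em_len: raw RSA decryption output (modulus-sized), secret.
 * fallback:  out_len random bytes drawn BEFORE decryption.
 * out:       gets the last out_len bytes of em if em is
 *            00 02 <nonzero PS, >= 8 bytes> 00 <out_len bytes>, else fallback.
 * No validity flag is returned; the caller continues the handshake either way.
 */
void ct_unpad_or_fallback(const uint8_t *em, size_t em_len,
                          const uint8_t *fallback,
                          uint8_t *out, size_t out_len)
{
    size_t i, sep;
    uint8_t bad, mask;

    if (em_len < out_len + 11) {        /* lengths are public: branch is fine */
        memcpy(out, fallback, out_len);
        return;
    }
    sep = em_len - out_len - 1;         /* required index of the 0x00 separator */
    bad = (uint8_t)(em[0] | (em[1] ^ 0x02) | em[sep]);
    for (i = 2; i < sep; i++)           /* every padding byte must be nonzero */
        bad |= ct_is_zero(em[i]);
    mask = ct_is_zero(bad);             /* 0xFF only when every check passed */
    for (i = 0; i < out_len; i++)
        out[i] = (uint8_t)((em[sep + 1 + i] & mask) | (fallback[i] & (uint8_t)~mask));
}

int main(void)
{
    /* Constructed sample: 64-byte block carrying a 48-byte secret. */
    uint8_t em[64], fb[48], out[48];
    memset(em, 0x11, sizeof em); em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;
    memset(em + 16, 0x5A, 48);
    memset(fb, 0xAA, sizeof fb);
    ct_unpad_or_fallback(em, sizeof em, fb, out, sizeof out);
    printf("valid padding   -> out[0] = %02X\n", out[0]);
    em[1] = 0x01;                       /* corrupt the block type byte */
    ct_unpad_or_fallback(em, sizeof em, fb, out, sizeof out);
    printf("invalid padding -> out[0] = %02X\n", out[0]);
    return 0;
}
```

Constant-time unpadding only helps if the RSA decryption beneath it and the compiled output are also free of secret-dependent timing.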