Vaudenay timing attack in OpenSSL - CVE-2003-0078
Published: August 2, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU258
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2003-0078
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: OpenSSL Software Foundation
Affected software:
OpenSSL
OpenSSL
Detailed vulnerability description
The vulnerability allows a remote attacker to cause an information leak.
The vulnerability exists due to ssl3_get_record in s3_pkt.c does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy). A remote unauthenticated attacker can launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack".
Successful exploitation of this vulnerability may result in disclosure of system information.
The vulnerability exists due to ssl3_get_record in s3_pkt.c does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy). A remote unauthenticated attacker can launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack".
Successful exploitation of this vulnerability may result in disclosure of system information.
How to mitigate CVE-2003-0078
Upgrade your version to OpenSSL 0.9.7a, OpenSSL 0.9.6i.