OpenSSL security advisory, including yet another CBC padding oracle https://www.openssl.org/news/secadv/20160503.txt …
@FiloSottile An attacker can modify the record length in the record header too. I think that may help target other blocks.
@colmmacc I can't get it working in my head since all those bytes would be checked against the padding, but I'm likely wrong.
@FiloSottile it still takes injected data - there's just more freedom of movement in where the target bytes can be than near end of record.