OpenSSL security advisory, including yet another CBC padding oracle https://www.openssl.org/news/secadv/20160503.txt
Replying to @FiloSottile
The patch for the new OpenSSL CBC padding oracle (CVE-2016-2107) is apparently one line. Looks easy to trigger. https://github.com/openssl/openssl/commit/70428eada9bc4cf31424d723d1f992baffeb0dfb
Replying to @FiloSottile
The vulnerable function has ifdef three levels deep, including many "# if 1" and does both encryption and decryption https://github.com/openssl/openssl/blob/70428eada9bc4cf31424d723d1f992baffeb0dfb/crypto/evp/e_aes_cbc_hmac_sha1.c#L458
Replying to @FiloSottile
Here's a preliminary analysis of the OpenSSL CBC padding oracle... building a test shouldn't be hard. ;-) https://news.ycombinator.com/item?id=11621038
Replying to @FiloSottile
OpenSSL vulnerability impact, AFAICT: if a TLS connection uses AES-CBC (and the server has AES-NI), a MitM can decrypt at least 16 bytes.
Replying to @FiloSottile
@FiloSottile An attacker can modify the record length in the record header too. I think that may help target other blocks.
@FiloSottile it still takes injected data - there's just more freedom of movement in where the target bytes can be than near end of record.