V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2013-1624
DEB
Medium

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-chann…

CVSS
5.1
Medium
EPSS
0.03
p85
Published
2013-01-01
Updated
2013-01-01
Description

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Tags · CWE
CWE-310
CWE-385
CAPEC-462
Affected products
Bc-java
CVSS vector
AV:N/AC:H/Au:N/C:P/I:P/A:P
Timeline
2013-01-01
Published
2013-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.030 · p85
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bouncycastleTracked
bc-java*Tracked
legion-of-the-bouncy-castle-c#-cryptography-api*Tracked
Source databases
DEB
CVE
UBU