Cryptographic Issues

CVE-2013-1624

Medium

4/10

Summary

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Access Complexity: HIGH
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

Advisory Timeline

Published Feb 08, 2013

Cryptographic Issues

CVE-2013-1624

Summary

CWE-310 - Cryptographic Issues

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS