OpenSSL 0.9.x - CBC Error Information Leakage

EDB-ID:

22264

CVE:

2003-0078

EDB Verified:

Author:

Martin Vuagnoux

Type:

remote

Exploit:   /  

Platform:

Linux

Date:

2003-02-19

Vulnerable App: 
source: https://www.securityfocus.com/bid/6884/info

A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by vulnerable implementations is reportedly sufficient for an adaptive attack that will ultimately obtain plaintext of a target block of ciphertext.

The information loss was reduced in OpenSSL versions 0.9.6i and 0.9.7a. It is not known if other implementations are vulnerable to this or similar weaknesses.

*It should be noted that this attack is reportedly difficult to exploit and requires that the adversary be a man-in-the-middle. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22264.tar.gz
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services