Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla NSS library TLS timing attacks
Published:24.03.2013
Source:
SecurityVulns ID:12966
Type:library
Threat Level:
5/10
Description:"Lucky Thirteen" attacks are possible
Affected:MOZILLA : nss 3.14
CVE:CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.)
Original documentdocumentUBUNTU, [USN-1763-1] NSS vulnerability (24.03.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod