Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2013-1624

Disclosure Date: February 08, 2013
CVE-2013-1624
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • bouncycastle

Products

  • legion-of-the-bouncy-castle-c#-cryptography-api 0.0,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.0,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.1,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.2,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.3,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.4,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.5,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.6.1,
  • legion-of-the-bouncy-castle-c#-cryptography-api 1.7,
  • legion-of-the-bouncy-castle-java-crytography-api 1.01,
  • legion-of-the-bouncy-castle-java-crytography-api 1.02,
  • legion-of-the-bouncy-castle-java-crytography-api 1.03,
  • legion-of-the-bouncy-castle-java-crytography-api 1.04,
  • legion-of-the-bouncy-castle-java-crytography-api 1.05,
  • legion-of-the-bouncy-castle-java-crytography-api 1.06,
  • legion-of-the-bouncy-castle-java-crytography-api 1.07,
  • legion-of-the-bouncy-castle-java-crytography-api 1.08,
  • legion-of-the-bouncy-castle-java-crytography-api 1.09,
  • legion-of-the-bouncy-castle-java-crytography-api 1.10,
  • legion-of-the-bouncy-castle-java-crytography-api 1.11,
  • legion-of-the-bouncy-castle-java-crytography-api 1.12,
  • legion-of-the-bouncy-castle-java-crytography-api 1.13,
  • legion-of-the-bouncy-castle-java-crytography-api 1.14,
  • legion-of-the-bouncy-castle-java-crytography-api 1.15,
  • legion-of-the-bouncy-castle-java-crytography-api 1.16,
  • legion-of-the-bouncy-castle-java-crytography-api 1.17,
  • legion-of-the-bouncy-castle-java-crytography-api 1.18,
  • legion-of-the-bouncy-castle-java-crytography-api 1.19,
  • legion-of-the-bouncy-castle-java-crytography-api 1.20,
  • legion-of-the-bouncy-castle-java-crytography-api 1.21,
  • legion-of-the-bouncy-castle-java-crytography-api 1.22,
  • legion-of-the-bouncy-castle-java-crytography-api 1.23,
  • legion-of-the-bouncy-castle-java-crytography-api 1.24,
  • legion-of-the-bouncy-castle-java-crytography-api 1.25,
  • legion-of-the-bouncy-castle-java-crytography-api 1.26,
  • legion-of-the-bouncy-castle-java-crytography-api 1.27,
  • legion-of-the-bouncy-castle-java-crytography-api 1.28,
  • legion-of-the-bouncy-castle-java-crytography-api 1.29,
  • legion-of-the-bouncy-castle-java-crytography-api 1.30,
  • legion-of-the-bouncy-castle-java-crytography-api 1.31,
  • legion-of-the-bouncy-castle-java-crytography-api 1.32,
  • legion-of-the-bouncy-castle-java-crytography-api 1.33,
  • legion-of-the-bouncy-castle-java-crytography-api 1.34,
  • legion-of-the-bouncy-castle-java-crytography-api 1.35,
  • legion-of-the-bouncy-castle-java-crytography-api 1.36,
  • legion-of-the-bouncy-castle-java-crytography-api 1.37,
  • legion-of-the-bouncy-castle-java-crytography-api 1.38,
  • legion-of-the-bouncy-castle-java-crytography-api 1.39,
  • legion-of-the-bouncy-castle-java-crytography-api 1.40,
  • legion-of-the-bouncy-castle-java-crytography-api 1.41,
  • legion-of-the-bouncy-castle-java-crytography-api 1.42,
  • legion-of-the-bouncy-castle-java-crytography-api 1.43,
  • legion-of-the-bouncy-castle-java-crytography-api 1.44,
  • legion-of-the-bouncy-castle-java-crytography-api 1.45,
  • legion-of-the-bouncy-castle-java-crytography-api 1.46,
  • legion-of-the-bouncy-castle-java-crytography-api 1.47
Technical Analysis