Timing Side-Channel Vulnerability in Opera Web Browser
CVE-2013-1618

Currently unrated

Key Information:

Vendor: Opera
Status: Opera Browser
Vendor: CVE Published:; 8 February 2013

Summary

The TLS implementation in the Opera web browser versions prior to 12.13 is vulnerable to timing side-channel attacks, particularly during malformed CBC padding processing. This vulnerability arises because the MAC check operation does not effectively consider timing discrepancies, enabling remote attackers to exploit this flaw. By conducting statistical analysis on timing data for specially crafted packets, attackers can potentially conduct distinguishing and plaintext-recovery attacks. This vulnerability highlights significant security weaknesses in the handling of TLS connections in the affected versions of the browser.

References

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

x_refsource_MISC

http://openwall.com/lists/oss-security/2013/02/05/24

mailing-listx_refsource_MLIST

http://www.opera.com/support/kb/view/1044/

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 8, 2013
Vulnerability Reserved
Feb 5, 2013