Covert Timing Channel Vulnerability in RSA BSAFE Crypto-J and SSL-J
CVE-2018-11070

5.9MEDIUM

Key Information:

Vendor
Dell
Status
Rsa Bsafe Crypto-j
Rsa Bsafe Ssl-j
Vendor
CVE Published:
11 September 2018

Summary

RSA BSAFE Crypto-J and SSL-J versions prior to 6.2.4 are susceptible to a Covert Timing Channel vulnerability during PKCS #1 unpadding operations. This vulnerability enables a remote attacker to exploit timing differences in the processing of RSA operations, potentially leading to the recovery of private RSA keys. Properly securing these products is essential to mitigate unauthorized access and protect sensitive data.

Affected Version(s)

RSA BSAFE Crypto-J < 6.2.4

RSA BSAFE SSL-J < 6.2.4

References

http://www.securitytracker.com/id/1041615
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1041614
vdb-entryx_refsource_SECTRACK
https://seclists.org/fulldisclosure/2018/Sep/7
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.