Bleichenbacher's Attack Vulnerability in Microchip Libraries for Applications
CVE-2020-20950

5.9MEDIUM

Key Information:

Vendor
Ietf
Status
Public Key Cryptography Standards \#1
Vendor
CVE Published:
19 January 2021

Summary

The vulnerability in Microchip Libraries for Applications allows attackers to exploit Bleichenbacher's oracle attack on RSA encrypted messages with PKCS #1 v1.5 padding. By making a series of calculated queries to a vulnerable server, an attacker can potentially decrypt encrypted ciphertext, leading to unauthorized information disclosure. This vulnerability emphasizes the significance of secure coding practices to protect sensitive data and maintain user trust.

References

http://archiv.infsec.ethz.ch/education/fs08/secsem/bleich...
x_refsource_MISC
http://microchip.com
x_refsource_MISC
https://www.microchip.com/mplab/microchip-libraries-for-a...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.