Information Leakage in NSS Affecting RSA Key Exchange and Signature Forgery
CVE-2023-4421
6.5 MEDIUM
Summary
NSS contained a vulnerability in its PKCS#1 v1.5 padding check that exposed a timing side channel to attackers. By exploiting this flaw, an attacker could potentially decrypt intercepted RSA-encrypted messages or forge signatures made with the victim's key. The leak comes from timing differences that depend on whether the padding validates and on the length of the decrypted message. The issue has been addressed by implementing the implicit rejection algorithm: when invalid padding is detected, NSS returns a deterministically derived pseudorandom message instead of an error, so the padding check no longer acts as an oracle.
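The following is an added illustration of the implicit rejection idea described above; it is constructed for this page and is not NSS code. It assumes the caller already performed the RSA private-key operation and has the k-byte encoded message, and it keys the stand-in message with a hypothetical per-key secret via HMAC-SHA256.

```python
import hmac
import hashlib

# Constructed example of implicit rejection for RSA PKCS#1 v1.5 decryption.
# After the RSA private-key operation, the encoded message em (k bytes) should
# read 0x00 0x02 PS(>= 8 non-zero bytes) 0x00 M. Rather than reporting bad
# padding (an oracle), the caller receives a pseudorandom message derived from
# a per-key secret and the ciphertext, so repeated or modified ciphertexts
# reveal nothing about the padding or the real message length.

def unpad_scan(em: bytes) -> tuple[int, int]:
    """Scan every byte of em regardless of where the check fails.
    Returns (ok, msg_offset); ok is 1 for valid padding, 0 otherwise."""
    bad = int(em[0] != 0x00) | int(em[1] != 0x02)
    sep, found = 0, 0
    for i in range(2, len(em)):
        is_zero = int(em[i] == 0x00)
        sep += i * (is_zero & (1 - found))   # remember only the first 0x00
        found |= is_zero
    bad |= 1 - found        # no separator byte at all
    bad |= int(sep < 10)    # padding string PS shorter than 8 bytes
    return 1 - bad, sep + 1


def synthetic_message(key_secret: bytes, ciphertext: bytes, k: int) -> bytes:
    """Deterministic stand-in plaintext for an invalid ciphertext.
    Assumed construction: HMAC-SHA256 PRF keyed with a secret stored next to
    the private key; the length is drawn from the PRF so it leaks nothing."""
    length_block = hmac.new(key_secret, b"length" + ciphertext, hashlib.sha256).digest()
    length = int.from_bytes(length_block[:2], "big") % (k - 11 + 1)  # 0..k-11
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key_secret, counter.to_bytes(4, "big") + ciphertext,
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def decrypt_with_implicit_rejection(key_secret: bytes, ciphertext: bytes, em: bytes) -> bytes:
    """em is the k-byte encoding of the RSA-decrypted ciphertext."""
    ok, start = unpad_scan(em)
    real = em[start:]
    fake = synthetic_message(key_secret, ciphertext, len(em))
    # Both candidates are always computed. In a real (C) implementation the
    # selection below must be branch-free on the secret flag; Python cannot
    # guarantee that, so this line only shows the intended logic.
    return real if ok else fake
```

Note that the same invalid ciphertext always yields the same stand-in message, which is what prevents an attacker from distinguishing a rejection from a genuine decryption across repeated queries.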
Affected Version(s)
NSS < 3.61
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability reserved
Credit
Hubert Kario