IT security expert firm: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2013-0169

Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

POC

Reference

- http://www-01.ibm.com/support/docview.wss?uid=swg21644047

- http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

Github

- https://github.com/AKApul/03-sysadmin-09-security

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Artem-Salnikov/devops-netology

- https://github.com/Artem-Tvr/sysadmin-09-security

- https://github.com/FR19/tls-security-checker

- https://github.com/Himangshu30/SECURITY-SCRIPTS

- https://github.com/Justic-D/Dev_net_home_1

- https://github.com/KaeminMoore/Securityscripts

- https://github.com/Kapotov/3.9.1

- https://github.com/Live-Hack-CVE/CVE-2013-1620

- https://github.com/Live-Hack-CVE/CVE-2016-2107

- https://github.com/PS-RANASINGHE/Crypto-Ex---7

- https://github.com/PeterMosmans/security-scripts

- https://github.com/Vainoord/devops-netology

- https://github.com/Valdem88/dev-17_ib-yakovlev_vs

- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14

- https://github.com/WiktorMysz/devops-netology

- https://github.com/alexandrburyakov/Rep2

- https://github.com/alexgro1982/devops-netology

- https://github.com/bysart/devops-netology

- https://github.com/chnzzh/OpenSSL-CVE-lib

- https://github.com/commit0-all-plain/tlslite-ng

- https://github.com/commit0-fillin/tlslite-ng

- https://github.com/derrickhorton/programmatic-vulnerability-remediations

- https://github.com/dmitrii1312/03-sysadmin-09

- https://github.com/eldron/metls

- https://github.com/geon071/netolofy_12

- https://github.com/hrbrmstr/internetdb

- https://github.com/ilya-starchikov/devops-netology

- https://github.com/jquepi/tlslite-ng

- https://github.com/lithekevin/Threat-TLS

- https://github.com/lnick2023/nicenice

- https://github.com/nikolay480/devops-netology

- https://github.com/odolezal/D-Link-DIR-655

- https://github.com/openhands-commit0/tlslite-ng

- https://github.com/pankajkryadav/Hacktivity

- https://github.com/pashicop/3.9_1

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/sahithipriya03/Security-using-python-scripts

- https://github.com/sailfishos-mirror/tlslite-ng

- https://github.com/stanmay77/security

- https://github.com/summitto/tlslite-ng

- https://github.com/sweagent-commit0/tlslite-ng

- https://github.com/test-save-commit0/tlslite-ng

- https://github.com/tlsfuzzer/tlslite-ng

- https://github.com/wearohat/lucky13

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/yellownine/netology-DevOps