Timing Variant of Bleichenbacher Attack in cryptlib's RSA Key Exchange Ciphersuites

Timing Variant of Bleichenbacher Attack in cryptlib's RSA Key Exchange Ciphersuites

CVE-2024-0202 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate.

Learn more about our Cis Benchmark Audit For Microsoft Exchange Server.