Endpoint Vulnerability

SSL, TLS and DTLS Plaintext Recovery Attack

Description

constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.

OpenSSL 1.0.2 users should upgrade to 1.0.2h

OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 13th of April 2016 by Juraj Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx of the OpenSSL development team.

Affected Products

OpenSSL

References

CVE-2013-0169