CVE-2013-0169
OpenSSL 0.9.8-0.9.8w - Timing Side-Channel Attack via CBC Padding MAC Check
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2013-0169. PoCs published by wearohat, SwitdnSec.
AI-analyzed exploit summary This is a functional proof-of-concept exploit for CVE-2013-0169 (LUCKY13), a timing attack against CBC-mode padding in cryptographic implementations. It decrypts a target token by measuring response times for padding validation.
Description
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Exploits (2)
This is a functional proof-of-concept exploit for CVE-2013-0169 (LUCKY13), a timing attack against CBC-mode padding in cryptographic implementations. It decrypts a target token by measuring response times for padding validation.
This repository contains a Python-based proof-of-concept exploit for CVE-2013-0169 (Lucky13), a timing side-channel vulnerability in TLS/SSL implementations using CBC-mode encryption. The exploit decrypts encrypted data by analyzing response times to crafted padding oracle attacks.