CVE-2013-0169

OpenSSL 0.9.8-0.9.8w - Timing Side-Channel Attack via CBC Padding MAC Check

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0169. PoCs published by wearohat, SwitdnSec.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for CVE-2013-0169 (LUCKY13), a timing attack against CBC-mode padding in cryptographic implementations. It decrypts a target token by measuring response times for padding validation.

Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Exploits (2)

nomisec WORKING POC 2 stars
by wearohat · poc
https://github.com/wearohat/lucky13

This is a functional proof-of-concept exploit for CVE-2013-0169 (LUCKY13), a timing attack against CBC-mode padding in cryptographic implementations. It decrypts a target token by measuring response times for padding validation.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Complex
Reliability
Racy
Target: TLS implementations with vulnerable CBC padding (e.g., OpenSSL before 1.0.1e)
No auth needed
Prerequisites: Python 3.x · requests library · network access to vulnerable server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by SwitdnSec · poc
https://github.com/SwitdnSec/Lucky13-Exploit-Script

This repository contains a Python-based proof-of-concept exploit for CVE-2013-0169 (Lucky13), a timing side-channel vulnerability in TLS/SSL implementations using CBC-mode encryption. The exploit decrypts encrypted data by analyzing response times to crafted padding oracle attacks.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Racy
Target: TLS/SSL implementations vulnerable to CVE-2013-0169 (e.g., OpenSSL, GnuTLS, and other libraries with flawed CBC padding handling)
No auth needed
Prerequisites: Network access to a vulnerable TLS/SSL endpoint · Ability to send multiple crafted requests and measure response times · Vulnerable TLS/SSL implementation (CBC-mode encryption with timing leaks)
mistral-large-3 · analyzed Jul 03, 2026 Full analysis →

References (55)

Core 55
Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/02/05/24
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
Third Party Advisory x_refsource_confirm
http://www.matrixssl.org/news.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0587.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55139
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55322
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20130204.txt
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
Third Party Advisory x_refsource_misc
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2622
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57778
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55351
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136396549913849&w=2
Third Party Advisory x_refsource_confirm
https://puppet.com/security/cve/cve-2013-0169
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=137545771702053&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136432043316835&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0833.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1735-1
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53623
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/737740
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2621
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0783.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136733161405818&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55108
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0782.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029190
Third Party Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAHXG
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1456.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5880
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55350
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

Scores

EPSS 0.3558
EPSS Percentile 98.3%

Details

CWE
CWE-310
Status published
Products (5)
openssl/openssl 0.9.8 - 0.9.8x
oracle/openjdk 1.6.0 (35 CPE variants)
oracle/openjdk 1.7.0 (12 CPE variants)
polarssl/polarssl 0.10.0
polarssl/polarssl 0.10.1
Published Feb 08, 2013
Tracked Since Feb 18, 2026