mbed TLS -- plaintext recovery vulnerabilities
Details
| VuXML ID |
f4876dd4-9ca8-11e8-aa17-0011d823eebd |
| Discovery |
2018-07-24 |
| Entry |
2018-08-10 |
Simon Butcher reports:
- When using a CBC based ciphersuite, a remote attacker can
partially recover the plaintext.
- When using a CBC based ciphersuite, an attacker with the
ability to execute arbitrary code on the machine under attack
can partially recover the plaintext by use of cache based
side-channels.
References
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.