You are here
The 9 Lives of Bleichenbacher’s CAT
Submitted on 23. January 2019 - 15:22 by rischi.
Last update on 24. January 2019 - 16:34.
Last update on 24. January 2019 - 16:34.
Keywords:
TLS, RSA, Bleichenbacher
Description:
The 9 Lives of Bleichenbacher’s CAT [1] describe cache-based side-channel attack against RSA implementations.
With Airlock WAF 7.1 all RSA key exchange protocols are removed from the default cipher suites and only PFS (Perfect Forward Secrecy) cipher suites for key exchange are available (DH/ECDH).
Older Airlock WAF versions still support RSA key exchange for backward compatibility. Taking into consideration the immense attack complexity (required capabilities for an an attacker) we rate the risk for a practical attack as low. We are not aware of any real-world attacks.
The upcoming Airlock WAF version 7.2 will support TLS version 1.3 which further reduces the risk of similar attacks.
Resolution:
No action required
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required
Reference: