You are here

The 9 Lives of Bleichenbacher’s CAT

TLS, RSA, Bleichenbacher

The 9 Lives of Bleichenbacher’s CAT [1] describe cache-based side-channel attack against RSA implementations.

With Airlock WAF 7.1 all RSA key exchange protocols are removed from the default cipher suites and only PFS (Perfect Forward Secrecy) cipher suites for key exchange are available (DH/ECDH).

Older Airlock WAF versions still support RSA key exchange for backward compatibility. Taking into consideration the immense attack complexity (required capabilities for an an attacker) we rate the risk for a practical attack as low. We are not aware of any real-world attacks.

The upcoming Airlock WAF version 7.2 will support TLS version 1.3 which further reduces the risk of similar attacks.


No action required

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required