Task #12570
Task #12556: Pentest - 2nd Assessment [2021]
Pentest_IBAM - [POTENTIAL] TLS/SSL Timing Side-Channel Attacks, aka the "Lucky Thirteen" Attack [LOW]
Status: | Closed - End of life cycle | Start date: | November 08, 2021
---|---|---|---
Priority: | Normal | Due date: |
Assignee: | Nurul Athira Abdul Rahim | % Done: | 100%
Category: | Penetration Test Issue | Spent time: | -
Target version: | - | |
Description
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. The attack is also possible on implementations of SSL 3.0 and TLS 1.0 that incorporate countermeasures to previous padding oracle attacks. Variant attacks may also apply to non-compliant implementations.
Because a remote scan cannot determine which TLS implementation, or which version of it, is running on the endpoint, every endpoint that offers CBC cipher suites is flagged as potentially vulnerable and should be investigated by the system owner.
Solution provided by LGMS :
The following list shows the versions in which each implementation fixed the issue. Install the patched version or the latest version.
OpenSSL: 1.0.1d, 1.0.0k and 0.9.8y
NSS: 3.14.3
GnuTLS: 2.12.23, 3.0.28 and 3.1.7
PolarSSL: 1.2.5
CyaSSL: 2.5.0
MatrixSSL: 3.4.1
BouncyCastle: 1.48
Oracle (Java): http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
If patches are not available, configure the server to use only Authenticated Encryption with Associated Data (AEAD) cipher suites, e.g. AES-GCM, AES-CCM or ChaCha20-Poly1305, and disable all CBC cipher suites. Note that restricting the protocol version to TLS 1.2 does not by itself remove CBC suites; they must be removed from the server's cipher list explicitly. TLS 1.3 defines only AEAD suites, so enforcing TLS 1.3 removes them entirely.
TLSv1.2 CBC cipher suites flagged on the endpoint:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
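The remediation above amounts to two checks: confirm which of the suites a scanner reports are CBC suites, and confirm that the server's cipher configuration no longer offers any non-AEAD suite. The following script is an added example, not code from the pentest report or from the affected system. It reuses the suite names listed above as its sample input, uses the OpenSSL behind Python's ssl module as a stand-in for the server's TLS library, and the hardened cipher string is a hypothetical setting, not the site's actual configuration.

```python
"""Check a TLS deployment for CBC cipher suites (Lucky Thirteen exposure).

Added example, not code from the pentest report or the vendor. It assumes
the local OpenSSL behind Python's ssl module; HARDENED_CIPHERS is a
hypothetical setting, not the assessed system's configuration.
"""
import ssl

# Constructed from the suite names listed in the finding above.
REPORTED_SUITES = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
]

# IANA naming: MAC-then-encrypt CBC suites carry "_CBC_"; AEAD suites carry
# a GCM, CCM or ChaCha20-Poly1305 marker instead.
AEAD_MARKERS = ("_GCM_", "_CCM", "_CHACHA20_POLY1305_")


def classify_iana(name):
    """Return 'CBC', 'AEAD' or 'OTHER' for an IANA cipher-suite name."""
    if "_CBC_" in name:
        return "CBC"
    if any(marker in name for marker in AEAD_MARKERS):
        return "AEAD"
    return "OTHER"


def cbc_suites(names):
    """Filter a scanner's suite list down to the Lucky-Thirteen-relevant ones."""
    return [n for n in names if classify_iana(n) == "CBC"]


# Hypothetical hardened OpenSSL cipher string: forward-secret key exchange,
# AEAD bulk ciphers only, no anonymous or null suites. TLS 1.3 suites are
# configured separately by OpenSSL and are all AEAD.
HARDENED_CIPHERS = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!eNULL"
)


def enabled_ciphers(cipher_string):
    """Ask the local OpenSSL which suites a server using this string would offer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def non_aead_ciphers(cipher_string):
    """Names of enabled suites that are not AEAD (CBC included); must be empty."""
    return [c["name"] for c in enabled_ciphers(cipher_string) if not c["aead"]]


if __name__ == "__main__":
    print("Reported suites that are CBC:", len(cbc_suites(REPORTED_SUITES)))
    print("Non-AEAD suites with OpenSSL DEFAULT:", non_aead_ciphers("DEFAULT"))
    print("Non-AEAD suites with hardened string:", non_aead_ciphers(HARDENED_CIPHERS))
```

Running it shows that every suite in the finding is a CBC suite, that an OpenSSL "DEFAULT" cipher list on most builds still offers non-AEAD suites, and that the hardened string leaves none. The same classification can be applied to the suite list a retest scanner reports, which is the quickest way to confirm that a "not solved" status is due to CBC suites still being offered rather than to the protocol version.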
History
#1 Updated by Nurul Athira Abdul Rahim almost 3 years ago
- Status changed from New - Begin Life Cycle to System Integration Test
- Assignee changed from Chun Feng Lim to Nurul Athira Abdul Rahim
- % Done changed from 0 to 90
In WebSphere we had enforced TLS 1.2 and disabled older TLS versions.
#2 Updated by Nurul Athira Abdul Rahim over 2 years ago
- Status changed from System Integration Test to Development / Work In Progress
- Assignee changed from Nurul Athira Abdul Rahim to Najmi Pasarudin
Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
#3 Updated by Najmi Pasarudin over 2 years ago
- Status changed from Development / Work In Progress to System Integration Test
- Assignee changed from Najmi Pasarudin to Nurul Athira Abdul Rahim
Unable to apply fix to staging server due to limited license.
#4 Updated by Nurul Athira Abdul Rahim 7 months ago
- Status changed from System Integration Test to Closed - End of life cycle
- % Done changed from 90 to 100
Closed for this; refer to the new 2023/2024 pentest report.