Detections
Analytics

OpenSSL AES Timing Attack

medium Nessus Plugin ID 17769

Language:

Synopsis

The remote server is affected by a timing attack.

Description

S-box lookup can hardly be performed in constant time in AES implementations. Theoretically, remote attackers could recover AES keys by performing a timing attack on these S-box lookup. No practical implementation of a remote attack is known.

Solution

Unknown at this time.

See Also

http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

Plugin Details

Severity: Medium

ID: 17769

File Name: openssl_AES_timing_attack.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 1/4/2012

Updated: 7/16/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:openssl:openssl

Required KB Items: Settings/ParanoidReport, openssl/port, Settings/PCI_DSS

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/26/2005

Reference Information

CVE: CVE-2005-1797

BID: 13785