OpenSSL AES-NI Padding Oracle MitM Information Disclosure
Severity: Low
Nessus Plugin ID 91572
Synopsis
It was possible to obtain sensitive information from the remote host with TLS-enabled services.
Description
The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability due to an error in the implementation of ciphersuites that use AES in CBC mode with HMAC-SHA1 or HMAC-SHA256.
The affected implementation is the one specifically written to use the AES acceleration available in x86/amd64 processors (AES-NI). The error messages returned by the server allow a man-in-the-middle attacker to conduct a padding oracle attack, resulting in the ability to decrypt network traffic.
Solution
Upgrade to OpenSSL version 1.0.1t / 1.0.2h or later.
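The two conditions that make an endpoint exposed to this issue are a vulnerable OpenSSL build (1.0.1 before t, 1.0.2 before h) and a negotiated AES-CBC suite with an HMAC-SHA1 or HMAC-SHA256 MAC. The following is an added defender-side triage helper, not code from the Nessus plugin or from OpenSSL; it assumes a version banner of the form "OpenSSL 1.0.2g" and ciphersuite names in either OpenSSL or IANA spelling.

```python
import re

# Fixed releases named in the advisory: 1.0.1t and 1.0.2h.
FIXED_LETTER = {(1, 0, 1): "t", (1, 0, 2): "h"}

# Assumed banner shape, e.g. "OpenSSL 1.0.2g" (letter suffix optional).
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter) or None if no OpenSSL version is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def version_is_vulnerable(banner):
    """True if the banner names a 1.0.1/1.0.2 release older than the fixed one.
    Returns None when no OpenSSL version can be parsed (undecidable), and
    False for branches this advisory does not cover."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, letter = parsed
    if base not in FIXED_LETTER:
        return False
    # OpenSSL 1.0.x patch releases are single letters, so plain string order
    # works; a missing letter ("1.0.1") sorts before every lettered release.
    return letter < FIXED_LETTER[base]


def ciphersuite_uses_aes_cbc_hmac(name):
    """True for suites pairing AES-CBC with HMAC-SHA1 or HMAC-SHA256, e.g.
    'ECDHE-RSA-AES128-SHA256' (OpenSSL) or 'TLS_RSA_WITH_AES_128_CBC_SHA' (IANA).
    AEAD suites (GCM/CCM) and SHA384 suites are not the code path in question."""
    n = name.upper()
    if "AES" not in n or "GCM" in n or "CCM" in n:
        return False
    # OpenSSL names omit "CBC"; IANA names include it. The MAC suffix decides.
    return re.search(r"[-_]SHA(?:256)?$", n) is not None


def endpoint_affected(banner, negotiated_suite):
    """Exposure requires both a vulnerable build and a susceptible suite."""
    return bool(version_is_vulnerable(banner)) and ciphersuite_uses_aes_cbc_hmac(negotiated_suite)
```

Constructed inputs such as ("OpenSSL 1.0.2g", "AES128-SHA") are reported as affected, while the same build with an AES-GCM suite, or 1.0.2h with any suite, is not.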