Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
Blog post from Cloudflare
A new vulnerability has been discovered in OpenSSL/LibreSSL, specifically a padding oracle in CBC mode decryption. This issue is similar to the Lucky13 vulnerability and was found using TLS-Attacker tool developed by Juraj Somorovsky. The vulnerability affects servers with AES-NI instructions and can be exploited to recover at least 16 bytes of data sent repeatedly just before attacker-controlled data, such as HTTP Cookies. CloudFlare websites are protected from this vulnerability, but customers supporting only AES-CBC should upgrade their systems as soon as possible.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.