Описание
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the environment.
Отчет
The identified flaw in the Golang crypto/tls library, is assessed as a moderate severity issue rather than important due to several mitigating factors. Although the vulnerability exposes a Timing Side Channel, potentially allowing information retrieval through RSA-based TLS key exchanges, its exploitation demands significant access and expertise. Additionally, while earlier versions implemented RSA blinding to counter timing attacks, the removal of PKCS#1 padding may still leak timing data. However, the practicality of exploiting this flaw is limited, and the transition to a fully constant time RSA implementation in Go 1.20 significantly bolsters security, reducing the risk posed by timing side channels.
Меры по смягчению последствий
No current mitigation is available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | ||
| Cost Management Metrics Operator | costmanagement/costmanagement-metrics-rhel8-operator | Not affected | ||
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Affected | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | ||
| Fence Agents Remediation Operator | fence-agents-remediation-operator-container | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Logical Volume Manager Storage | lvms4/topolvm-rhel9 | Affected | ||
| Machine Deletion Remediation Operator | machine-deletion-remediation-operator-container | Not affected | ||
| Migration Toolkit for Applications 6 | mta/mta-hub-rhel8 | Will not fix | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-api-rhel9 | Affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
7.5 High
CVSS3