Changes between Version 1 and Version 2 of SecurityAnnouncement-f375aa67cc


Ignore:
Timestamp:
04/10/13 12:04:52 (11 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • SecurityAnnouncement-f375aa67cc

    v1 v2  
    11= Exploit summary =
    22
    3 OpenVPN 2.3.0 and earlier are subject to a potential timing-based side-channel attack, which is made possible by a non-constant-time HMAC comparison function. Plaintext recovery is possible using a padding oracle attack, optimistically at a rate of about one character per 3 hours. OpenVPN with PolarSSL is vulnerable; the vulnerability of OpenSSL-based OpenVPN has not been verified or tested.
     3OpenVPN 2.3.0 and earlier running in UDP mode with a CBC mode cipher are subject to a chosen ciphertext attack due to non-constant-time HMAC comparison function. Plaintext recovery is possible using a using a padding oracle attack, optimistically at a rate of about one character per 3 hours. OpenVPN with PolarSSL is vulnerable; the vulnerability of OpenSSL-based OpenVPN has not been verified or tested.
    44
    5 The [https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee fix] for this attack makes the affected function constant-time and thus prevents this exploit.
    6 
    7 = Requirements =
    8 
    9 Successful attack requires that
    10 
    11  * OpenVPN is running in UDP mode with a CBC mode cipher
    12  * The attacker must be able to measure the processing time of the packets
    13 
    14 The feasibility of attack is increased significantly if encryption and/or authentication is disabled.
    15  
    16 = Mitigating factors =
     5= Severity =
    176
    187OpenVPN servers are typically configured to silently drop packets with the wrong HMAC. For this reason measuring the processing time of the packets is not trivial without a MITM position. In practice, the attack likely needs some target-specific information to be effective.
     8
     9The severity of this vulnerability can be considered low.
    1910
    2011= Affected versions =
    2112
    2213OpenVPN 2.3.0 and earlier are vulnerable. A fix ([https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee commit f375aa67cc]) is included in OpenVPN 2.3.1 and later.
     14
     15