Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug (Security News, February 2023)
Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption.
In other words, so-called timing attacks of this sort are always troublesome, even if you might need to send millions of bogus packets and time them all to have any chance at all.
Similar "Oracle" bug in GnuTLS
Well, the same person who reported the fixed-at-last timing bug in OpenSSL also reported a similar bug in GnuTLS at about the same time.
Ironically, the timing flaw in GnuTLS appeared in code that was supposed to log timing attack errors in the first place.
As you can see from the code difference below, the programmer was aware that any conditional operation used in checking and dealing with a decryption error might produce timing variations, because CPUs generally take a different amount of time depending on which way your code goes after a "Branch" instruction.
Therefore the coder inserted a matching call to gnutls_no_log(), which pretends to log an "Attack" when there isn't one, in order to try to even up the time that the code spends in either direction that the if branch instruction can take.
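As an added illustration (not code from GnuTLS, OpenSSL or the article), the C below shows the sturdier alternative to evening up a branch with a fake log call: having no secret-dependent branch at all. It unpads a PKCS#1 v1.5 block the way TLS 1.2 (RFC 5246 section 7.4.7.1) requires, inspecting every byte and selecting a caller-supplied random stand-in secret with bit masks instead of an if, so a valid and an invalid block walk the same instructions. The 48-byte premaster-secret layout is real TLS; the 64-byte block, the fake secret and the values in selftest() are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PMS_LEN 48  /* a TLS premaster secret is always 48 bytes */

static uint8_t ct_eq(uint8_t a, uint8_t b)          /* 0xFF if a == b, else 0 */
{
    uint32_t x = (uint32_t)(a ^ b);                 /* zero only when equal */
    return (uint8_t)(0u - (((x - 1u) >> 31) & 1u)); /* no data-dependent branch */
}

/* Unpad a k-byte PKCS#1 v1.5 block em[] laid out as 00 02 <nonzero pad> 00
 * <48-byte secret>. Every byte is checked and every output byte is written
 * whether or not the padding is valid; on a bad block the random `fake` is
 * selected instead of the payload. The return value is for the caller only
 * and must never be echoed to the peer. */
static int ct_unpad_pms(const uint8_t *em, size_t k,
                        const uint8_t *fake, uint8_t *out)
{
    uint8_t good = 0xFF;
    size_t i, sep;
    if (k < PMS_LEN + 11) {                         /* length is public */
        memcpy(out, fake, PMS_LEN);
        return 0;
    }
    sep = k - PMS_LEN - 1;                          /* index of the 00 separator */
    good &= ct_eq(em[0], 0x00);
    good &= ct_eq(em[1], 0x02);
    for (i = 2; i < sep; i++)                       /* padding bytes must be nonzero */
        good &= (uint8_t)~ct_eq(em[i], 0x00);
    good &= ct_eq(em[sep], 0x00);
    for (i = 0; i < PMS_LEN; i++)                   /* branchless select */
        out[i] = (uint8_t)((em[sep + 1 + i] & good) | (fake[i] & ~good));
    return good & 1;
}

/* Self-check on a constructed 64-byte block: returns 1 when a valid block
 * yields the payload and a corrupted copy yields the fake secret. */
static int selftest(void)
{
    uint8_t em[64], fake[PMS_LEN], out[PMS_LEN];
    size_t i;
    memset(em, 0xAB, sizeof em); em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;
    for (i = 0; i < PMS_LEN; i++) em[16 + i] = (uint8_t)i;
    memset(fake, 0x55, sizeof fake);
    if (ct_unpad_pms(em, 64, fake, out) != 1 || out[47] != 47) return 0;
    em[1] = 0x01;                                   /* break the block type */
    if (ct_unpad_pms(em, 64, fake, out) != 0 || out[47] != 0x55) return 0;
    return 1;
}
```

Compilers may still reintroduce branches when optimising, so code like this is normally checked against the generated assembly or with a timing-analysis tool rather than trusted on inspection alone.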
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS)
---|---|---|---
2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products: a timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. | 5.9