CVE-2013-0169

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.3.0 OpenJDK versions prior to 1.3.0 PolarSSL versions prior to 1.3.0

Description The issue concerns the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, which do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding. This allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, also known as the "Lucky Thirteen" issue.

Recommendations For OpenSSL versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. For OpenJDK versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable protocols until a patch is available.