CVE-2013-1623

Name of the Vulnerable Software and Affected Versions CyaSSL versions prior to 2.5.0

Description The issue is related to the TLS and DTLS implementations not properly considering timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding. This allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.