PT-2020-16386 · Tlslite Ng · Tlslite-Ng
Tomato42
·
Published
2020-12-21
·
Updated
2020-12-23
·
CVE-2020-26263
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
tlslite-ng versions prior to 0.7.6 and 0.8.0-alpha39
Description
The code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependent, leaking information about the decrypted ciphertext. This affects all TLS servers that enable RSA key exchange and applications that use the RSA decryption API directly.
Recommendations
For versions prior to 0.7.6, update to version 0.7.6 or later.
For versions prior to 0.8.0-alpha39, update to version 0.8.0-alpha39 or later.
As a temporary workaround, consider using different TLS implementations to minimize the risk of exploitation, as the patches depend on Python processing individual bytes in a side-channel free manner, which is known not to be the case.
Exploit
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tlslite-Ng