PT-2021-11166 · M2Crypto+2
Todd Cullum · Published 2021-01-12 · Updated 2025-03-06
CVE-2020-25657
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
m2crypto versions prior to the fixed version
Description:
A flaw was found in m2crypto: its RSA decryption API is vulnerable to Bleichenbacher timing attacks through the timed processing of valid PKCS#1 v1.5 ciphertext. The highest threat from this vulnerability is to confidentiality. The issue is a variant of the Bleichenbacher attack, first published in 1998 and revisited in recent research showing that many software implementations of the PKCS#1 v1.5 scheme for RSA key exchange remain vulnerable. The attack lets an attacker decrypt messages and forge signatures by measuring how long a server takes to process specially crafted ciphertexts.
Recommendations:
For m2crypto, consider disabling the use of PKCS#1 v1.5 for RSA key exchange until a patch is available. Restrict access to the RSA decryption API to minimize the risk of exploitation. As a temporary workaround, avoid using the DecryptPKCS1v15SessionKey function in the crypto/rsa API until the issue is resolved. It is recommended to stop using RSA PKCS#1 v1.5 encryption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
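To show why the timing of PKCS#1 v1.5 unpadding is the problem, the block below is an added illustration (not code from this advisory or from M2Crypto) contrasting an early-exit unpadding routine with one that visits every byte and implicitly rejects bad padding by handing back a random session key. It works on a constructed 128-byte decrypted block, the `em` a hypothetical 1024-bit raw RSA decryption would produce; the function names, the sample blocks and the 32-byte session-key length are all assumptions.

```python
import os

# Constructed sample: the 128-byte encoded message (em) a 1024-bit raw RSA
# decryption would yield, carrying a 32-byte session key.
SESSION_KEY = bytes(range(0xA0, 0xC0))              # 32 bytes
PS = bytes(range(1, 94))                             # 93 nonzero padding bytes
VALID_EM = b"\x00\x02" + PS + b"\x00" + SESSION_KEY  # 2 + 93 + 1 + 32 = 128
BAD_TYPE_EM = b"\x00\x01" + VALID_EM[2:]             # wrong block type byte
NO_SEP_EM = b"\x00\x02" + bytes([0x5A] * 126)        # separator never appears


def unpad_pkcs1_v15_early_exit(em: bytes):
    """Textbook type-2 unpadding with early returns: each failing check
    leaves at a different point, so rejection time depends on where the
    block is malformed. That difference is what a timing oracle measures."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)        # -1 when no separator is present
    if sep < 10:                     # padding string must be >= 8 bytes
        return None
    return em[sep + 1:]


def unpad_pkcs1_v15_uniform(em: bytes, key_len: int) -> bytes:
    """Data-independent control flow plus implicit rejection: every byte of
    em is visited, all checks fold into one flag, and on failure a random
    key of the expected length is returned instead of an error, so the
    caller's work is identical either way. CPython gives no constant-time
    guarantee; this shows the structure a hardened implementation needs."""
    k = len(em)
    if k < 11:                       # length is public: branching on it leaks nothing
        raise ValueError("em must be the full modulus length")
    bad = int(em[0] != 0x00) | int(em[1] != 0x02)
    sep = k                          # sentinel meaning "no separator"
    for i in range(k - 1, 1, -1):    # scan backwards; last write is the first zero
        if em[i] == 0x00:
            sep = i
    bad |= int(sep < 10) | int(k - sep - 1 != key_len)
    real = em[sep + 1:].ljust(key_len, b"\x00")[:key_len]   # always key_len bytes
    # Production code derives the fake key deterministically from the ciphertext
    # so repeated queries with the same ciphertext cannot reveal the rejection.
    fake = os.urandom(key_len)
    mask = 0xFF * bad                # 0x00 when valid, 0xFF when rejected
    return bytes((r & (mask ^ 0xFF)) | (f & mask) for r, f in zip(real, fake))
```

The uniform variant mirrors the session-key API shape the recommendations refer to: the caller always receives a key of the expected length and cannot tell from timing or return status whether the padding was valid.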
Affected Products: Debian, SUSE, M2Crypto