CVE-2013-1624

Published Feb 8, 2013
Last updated 3 months ago
CVSS info 4.0
Overview

Description: The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 4.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-310
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAF60BAE-BA1B-49A3-B594-3B7336F602AD"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFDD300D-43A1-4E72-9BB6-E3141A7B3CF4"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0C5F2A1-BBE1-4EC1-8324-64A8DC19DCE9"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "663B6F4C-1997-4651-ADA0-E061BBCA543F"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "311A950B-0152-4556-B7A0-8A1D355A095D"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8778B34-92B6-41F7-AA5E-55127155C6D1"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E1EAB5C-D9FE-4499-9FF2-D7C498A5CD38"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A14408B-F008-4AFB-A3C4-E468E5D8871B"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EF6CBA3-D974-4D9D-A5C6-5E8CB9C5E7D9"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02092572-B188-4A8E-9745-1E93DEA818BF"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FC51E9F-1B88-499C-B2D1-BC5B1427F5AB"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5FC15CF-FC0E-4E74-9936-546E51C86975"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "318F8819-2E27-4E5C-A62E-DBEE060AACD6"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01B57AD2-B600-4949-91DE-87D3EAEEE01E"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63CE9915-2F36-4EE7-AEAE-7BA641ECAD1B"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E263B817-CA65-40E4-8BC9-D195A0F88E16"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31451E1E-4CCA-4B8B-AEB9-9C8A9918B9C5"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A3438ED-8462-40E5-B433-9F67ED9A9110"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3258C44-1D6E-4019-B332-80505B6B7B4C"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0BB004D-1C69-4B39-890A-AE70D27518A3"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ACBC626-EDBD-4C75-87ED-C78066670140"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C3D8290-1839-4219-87C1-1A10FF5CF835"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E605FF3-E6D8-4364-B098-4265CC490AD2"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E257CDDF-1D45-40F6-AF90-51B455440EA4"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85AA3FAB-F49F-4CC1-86E4-A2BCC90EAA6E"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A8D2C13-72E2-4139-8EF6-2ABB21F6B199"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46AFFBE0-63F9-47E0-BDE4-73E9C3A30D4F"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD114491-F727-4B7D-91C9-C20583035273"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12303E74-5E98-4F98-A21C-11EE30B74FDB"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6F306E2-E7DE-45F9-880B-391F5BABE2C5"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCB1F2FE-E911-438F-8CED-A77055231E7D"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3AB6C8A-F2DD-42F7-B5B6-71E0EC1FCCCC"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FB8EA15-253A-4A29-ACD4-FCCC217CC157"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0961397F-1859-41F9-A817-304D781BB050"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74052375-8653-494A-A4DF-012075DE91CF"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEC6A374-2903-4E0C-A1C7-664B4F61AE92"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F0616EC-61CA-4BF2-B0AA-9904708F35DF"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03F1FC36-7F65-47F2-A79F-F5EA7D3444D5"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.39:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "875046E1-7001-4D2A-81C4-8F391742AE4A"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40B16203-995B-4813-9D44-0BA044A6618C"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34785221-CC94-4271-9D23-D5259A43AAD1"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B18042B7-F191-4E7A-A35A-560B80C52D62"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F59407-2608-4B0B-8EB7-9CA95C92E7F9"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.44:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78B80BCC-BA28-403E-B305-EA8E607B756F"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.45:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E92AD60-8537-4D61-8C89-769D36B34BBE"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.46:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E266FA6-AB05-44BC-8DE1-B009915FFBD9"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.47:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8378040B-25A8-4F2A-B632-E7F91A45DFD6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35AF4B58-7361-4D12-AADA-072A60AB0104"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BFAF5C1-7823-436C-9CA3-056F0A9D51A5"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40259337-03AB-410A-82B7-AFEB4E0C1AD1"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA51EA08-2375-4F1B-8C89-ED18B2C9E683"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD8F22E0-D7C8-4ADA-9312-18F07CEF4ED4"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65F5FE67-E52C-4301-A840-F91A1F5B87B3"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0BB97D9-EADD-47DB-9ABA-A92B43C2A522"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27F9BDF0-E59A-4FD9-B868-BF7342B98B8B"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FF3240B-548F-45A4-BCC8-4E0534619375"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
