Submitted URL: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
Effective URL: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/

LOCAL SIDE CHANNEL ATTACK ON RSA

Title: Local side channel attack on RSA
CVE: (none)
Date: 7th of July, 2021
Affects: All versions of Mbed TLS
Impact: A powerful local attacker can extract the private key
Severity: High
Credit: Zili Kou, Wenjian He, Sharad Sinha, and Wei Zhang


VULNERABILITY

The modular exponentiation operation in RSA uses a sliding window algorithm,
with a memory access pattern that depends on the bits of the secret key.

Exponent blinding is used as a countermeasure: it prevents an attacker from
correlating information gathered across successive operations. However, the
researchers found a way to recover enough information by observing a single
operation, thereby bypassing this countermeasure.
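
The key-dependent table read described above, as an added illustration in toy C (not Mbed TLS code; operands are kept below 2^32 so products fit in 64 bits): a sliding-window exponentiation reads one precomputed odd power at an index built from secret exponent bits (`select_leaky`), whereas a constant-time read (`select_ct`) touches every table entry and keeps the wanted one through a mask, so the addresses accessed no longer reveal the window value. Even with the constant-time read, the number of squarings between table reads still follows the exponent's bit pattern, which is one reason exponent blinding is used in addition.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration (not Mbed TLS code): left-to-right sliding-window modular
 * exponentiation. Operands stay below 2^32 so every product fits in uint64_t. */
#define WINDOW 4                         /* window width in bits */
#define TABLE_SIZE (1u << (WINDOW - 1))  /* entries g^1, g^3, ..., g^(2^WINDOW - 1) */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; }

/* Leaky table read: the address touched is a function of secret exponent bits,
 * which is the memory access pattern the advisory describes. */
static uint64_t select_leaky(const uint64_t *t, size_t idx) { return t[idx]; }

/* Constant-time table read: every entry is touched on every call and the wanted
 * one is kept through a mask, so the access pattern is independent of idx. */
static uint64_t select_ct(const uint64_t *t, size_t idx) {
    uint64_t r = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++)
        r |= t[i] & ((uint64_t)0 - (uint64_t)(i == idx));  /* mask: all ones iff i == idx */
    return r;
}

/* Computes g^e mod n; 'pick' decides how the precomputed table is read. */
static uint64_t exp_mod(uint64_t g, uint64_t e, uint64_t n,
                        uint64_t (*pick)(const uint64_t *, size_t)) {
    uint64_t t[TABLE_SIZE], g2, r = 1 % n;
    t[0] = g % n;
    g2 = mulmod(t[0], t[0], n);
    for (size_t i = 1; i < TABLE_SIZE; i++) t[i] = mulmod(t[i - 1], g2, n);
    for (int i = 63; i >= 0;) {
        if (((e >> i) & 1) == 0) { r = mulmod(r, r, n); i--; continue; }
        /* Bit i is set: the window spans bits i..j, at most WINDOW wide, and
         * ends at a set bit j so that its value w is odd and in the table. */
        int j = (i - WINDOW + 1 > 0) ? i - WINDOW + 1 : 0;
        while (((e >> j) & 1) == 0) j++;
        uint64_t w = (e >> j) & (((uint64_t)1 << (i - j + 1)) - 1);
        for (int k = i; k >= j; k--) r = mulmod(r, r, n);   /* i-j+1 squarings */
        r = mulmod(r, pick(t, (size_t)((w - 1) / 2)), n);  /* one secret-indexed read */
        i = j - 1;
    }
    return r;
}

/* Plain square-and-multiply reference used to cross-check the window variant. */
static uint64_t exp_mod_ref(uint64_t g, uint64_t e, uint64_t n) {
    uint64_t r = 1 % n, b = g % n;
    for (; e; e >>= 1) { if (e & 1) r = mulmod(r, b, n); b = mulmod(b, b, n); }
    return r;
}
```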


IMPACT

An attacker with access to precise enough timing and memory access information
(typically an untrusted operating system attacking a secure enclave such as SGX
or the TrustZone secure world) can recover the private keys used in RSA.


RESOLUTION

Affected users will want to upgrade to Mbed TLS 3.0.0, 2.27.0 or 2.16.11
depending on the branch they’re currently using.


WORK-AROUND

None.

© Copyright The Mbed TLS Contributors. Revision 11105879.
