Submitted URL: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
Effective URL: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
LOCAL SIDE CHANNEL ATTACK ON RSA

Title: Local side channel attack on RSA
CVE: (none)
Date: 7th of July, 2021
Affects: All versions of Mbed TLS
Impact: A powerful local attacker can extract the private key
Severity: High
Credit: Zili Kou, Wenjian He, Sharad Sinha, and Wei Zhang

VULNERABILITY

The modular exponentiation operation in RSA uses a sliding window algorithm with a memory access pattern that depends on the bits of the secret key. Exponent blinding is used as a countermeasure: it prevents an attacker from correlating information gathered across successive operations. However, the researchers found a way to recover enough information by observing a single operation, thereby bypassing this countermeasure.

IMPACT

An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can recover the private keys used in RSA.

RESOLUTION

Affected users will want to upgrade to Mbed TLS 3.0.0, 2.27.0 or 2.16.11, depending on the branch they're currently using.

WORK-AROUND

None.

© Copyright The Mbed TLS Contributors.