CVE-2024-26306

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-385
View all →

Vulnerability Description

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Related Vulnerabilities

CVE-2018-10844

MEDIUM
CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recove...

CWE-3852018

CVE-2018-10845

MEDIUM
CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recov...

CWE-3852018

CVE-2019-3732

MEDIUM
CVSS:5.9(Medium)

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1....

CWE-3852019

CVE-2020-25657

MEDIUM
CVSS:5.9(Medium)

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. Th...

CWE-3852020

CVE-2020-25658

MEDIUM
CVSS:5.9(Medium)

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

CWE-3852020

CVE-2020-25659

MEDIUM
CVSS:5.9(Medium)

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CWE-3852020