Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:
– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is an RSA key exchange
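Since the attack needs the server to accept an RSA key exchange, the practical defender check is an audit of the offered cipher suites: a TLS 1.3-capable server is still in scope if it also accepts static RSA suites under TLS 1.2, because that is what the downgrade lands on. The script below is an added example, not code from the thread or from the paper it refers to; it classifies IANA cipher-suite names with its own (assumed) rules and runs them over a constructed sample list.

```python
"""Audit a TLS cipher-suite list for static RSA key exchange.

Added example, not part of the original thread. Input is a list of IANA
cipher-suite names; the classification rules below are this example's own.
"""
import re

# Constructed sample: suites a TLS 1.2/1.3 server might be configured with.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",                  # TLS 1.3, no RSA key exchange
    "TLS_CHACHA20_POLY1305_SHA256",            # TLS 1.3
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # RSA only signs; kx is ECDHE
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",         # static RSA key exchange
    "TLS_RSA_WITH_AES_256_CBC_SHA",            # static RSA key exchange
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",     # premaster also RSA-encrypted
]

# TLS 1.3 suite names carry no key-exchange/authentication field at all.
_TLS13 = re.compile(
    r"^TLS_(AES_(128|256)_(GCM|CCM|CCM_8)_SHA(256|384)|CHACHA20_POLY1305_SHA256)$"
)
# For TLS 1.2 and earlier, the text between "TLS_" and "_WITH_" names the
# key exchange (and authentication) method, e.g. "ECDHE_RSA" or "RSA".
_KX_FIELD = re.compile(r"^TLS_(?P<kx>.+?)_WITH_")


def key_exchange(suite: str) -> str:
    """Return a coarse key-exchange label for one IANA cipher-suite name.

    "static-rsa" means the client encrypts the premaster secret under the
    server's RSA key (the suites the attack described above relies on);
    "ephemeral" means (EC)DHE, where RSA at most signs; "tls13" means a
    TLS 1.3 suite; "other" covers the remaining legacy methods.
    """
    if _TLS13.match(suite):
        return "tls13"
    m = _KX_FIELD.match(suite)
    if not m:
        return "unknown"
    kx = m.group("kx")
    if kx in ("RSA", "RSA_PSK"):
        return "static-rsa"
    if kx.startswith(("ECDHE_", "DHE_")):
        return "ephemeral"
    return "other"


def audit(suites: list[str]) -> dict:
    """Split a suite list into the static-RSA suites to drop and the rest.

    downgrade_surface is True when at least one static-RSA suite remains,
    i.e. a TLS 1.3 client could be forced down to an RSA key exchange.
    """
    static_rsa = [s for s in suites if key_exchange(s) == "static-rsa"]
    hardened = [s for s in suites if key_exchange(s) != "static-rsa"]
    return {
        "static_rsa": static_rsa,
        "hardened": hardened,
        "downgrade_surface": bool(static_rsa),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_SUITES)
    for suite in SAMPLE_SUITES:
        print(f"{key_exchange(suite):<11} {suite}")
    print("static RSA suites to remove:", result["static_rsa"])
    print("downgrade surface present:", result["downgrade_surface"])
```

Feeding the server's actual configured list into `audit()` and re-running it on the `hardened` output is the whole check: once no suite classifies as `static-rsa`, the RSA key exchange requirement stated above is no longer met.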
@infosechandbook Ugh. I did not know about the USENIX 2018 IPSEC/IKE paper referenced as previous work: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf
This looks pretty bad for IKE:
"IKEv1 PSK in aggressive mode can be broken by a passive adversary, and both IKEv1 PSK in main mode and IKEv2 PSK can be broken by an active adversary who acts as a responder."
"[..] we could successfully attack all public key-based variants of IKEv1 and IKEv2 with success probabilities between 7% and 26% in a single attempt."