Padding oracle in AES-NI CBC MAC check

A decryption vulnerability has been detected in OpenSSL that allows a Man-in-the-Middle (MITM) attack. Using a padding oracle attack (which allows an attacker to repeatedly probe for clues about the encrypted content), the attacker can attempt to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI.

This bug was originally introduced in the 2013 patch for a padding oracle bug called Lucky 13. The fix for Lucky 13 had inadvertently caused OpenSSL to stop checking for other types of oracle attacks.
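As an added illustration (not OpenSSL's code), the two validators below show the class of flaw described above: a CBC record check that verifies padding and MAC but never confirms the record is long enough to hold both, so its distinguishable failure modes act as the oracle, beside a corrected check that tests the combined length first and returns a single error. The HMAC key, record layout and sample records are constructed for the demonstration.

```python
import hmac
import hashlib

MAC_LEN = 20                    # HMAC-SHA1 tag length used by TLS CBC cipher suites
KEY = b"constructed-mac-key"    # constructed sample key, not a real secret


def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha1).digest()


def build_record(payload: bytes, block_size: int = 16) -> bytes:
    """Constructed plaintext of one CBC record: payload || MAC || padding.
    TLS-style padding is pad_len + 1 bytes, each holding the value pad_len."""
    body = payload + mac(payload)
    pad_len = (block_size - (len(body) + 1) % block_size) % block_size
    return body + bytes([pad_len]) * (pad_len + 1)


def check_flawed(rec: bytes) -> str:
    """Checks padding and MAC but never verifies that the record can hold both,
    and reports each failure differently: the distinguishable results are the oracle."""
    pad_len = rec[-1]
    if rec[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return "bad_padding"
    content_end = len(rec) - pad_len - 1 - MAC_LEN   # goes negative for overlong padding
    if content_end < 0:
        return "too_short"                            # distinguishable from bad_padding
    tag = rec[content_end:content_end + MAC_LEN]
    if not hmac.compare_digest(mac(rec[:content_end]), tag):
        return "bad_mac"
    return "ok"


def check_fixed(rec: bytes) -> str:
    """Requires room for MAC plus padding before trusting pad_len, evaluates the
    padding and MAC comparisons unconditionally, and returns one uniform error."""
    pad_len = rec[-1] if rec else 0
    good = len(rec) >= MAC_LEN + pad_len + 1
    pad_len = pad_len if good else 0                  # keep all reads within the record
    good &= rec[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1)
    content_end = len(rec) - pad_len - 1 - MAC_LEN
    tag = rec[content_end:content_end + MAC_LEN]
    good &= hmac.compare_digest(mac(rec[:content_end]), tag)
    return "ok" if good else "bad_record"


if __name__ == "__main__":
    rec = build_record(b"hello")
    overlong = bytes([31]) * 32   # constructed: padding bytes agree, but no room for a MAC
    print(check_flawed(rec), check_flawed(overlong), check_fixed(overlong))
```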

Severity
High

CVE Number
CVE-2016-2107

Recommended Action

  • OpenSSL 1.0.1 users should upgrade to 1.0.1t

More Information
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2107