Upstream information
Description
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4 |
Vector | AV:N/AC:H/Au:N/C:P/I:P/A:N |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | None |
- openSUSE-SU-2013:0289-1, published Wed, 13 Feb 2013 10:04:24 +0100 (CET)
- openSUSE-SU-2013:0289-2, published Thu, 28 Feb 2013 18:28:23 +0100 (CET)