TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit

From: Martin Vuagnoux (bugtraqat_private)
Date: Wed Mar 26 2003 - 04:53:49 PST

Next message: Dr. Peter Bieringer: "Re: [Full-Disclosure] Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible"

Previous message: Martin O'Neal: "Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue"
In reply to: Roman Medina: "IIS 5.0 WebDAV -Proof of concept-. Fully documented."
Next in thread: Martin Vuagnoux: "TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
Here you can find the tool used to make a "proof of concept" for the
Vaudenay's TLS Timing Attack for < OpenSSL/9.7a. (CAN-2003-78)
BID REF: 6884

                            http://omen.vuagnoux.com

This attack was tested on a IMAPrev4 server (WU) encapsuled by
stunnel-3.22 using OpenSSL/9.7 and Microsoft Outlook Express 6.x IMAP
client.

Enjoy :^)

Martin Vuagnoux - ilion's lab member - www.ilionsecurity.ch

Next message: Dr. Peter Bieringer: "Re: [Full-Disclosure] Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible"
Previous message: Martin O'Neal: "Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue"
In reply to: Roman Medina: "IIS 5.0 WebDAV -Proof of concept-. Fully documented."
Next in thread: Martin Vuagnoux: "TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 08:21:07 PST