CVE-2013-2061
published 2013-11-18CVE-2013-2061: The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a…
PriorityP414low2.6CVSS 2.0
AVNACHAuNCPINAN
EPSS
2.81%
84.8th percentile
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openvpn | < openvpn 2.3.1-1 (bookworm) | openvpn 2.3.1-1 (bookworm) |
| opensuse | opensuse | — | — |
| openvpn | openvpn | <= 2.3.0 | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | >= 0 < 2.3.1-1 | 2.3.1-1 |
| openvpn | openvpn | >= 0 < 2.3.1-1 | 2.3.1-1 |
| openvpn | openvpn | >= 0 < 2.3.1-1 | 2.3.1-1 |
| openvpn | openvpn | >= 0 < 2.3.1-1 | 2.3.1-1 |
| openvpn | openvpn_access_server | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
osv2.6LOW
vendor_debian2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenVPN vulnerability
vendor_ubuntu·2014-10-02
CVE-2013-2061 OpenVPN vulnerability
Title: OpenVPN vulnerability
Summary: OpenVPN could be made to expose sensitive information over the network.
It was discovered that OpenVPN incorrectly handled HMAC comparisons when
running in UDP mode. If a remote attacker were able to perform a
machine-in-the-middle attack, this flaw could possibly be used to perform a
plaintext recovery attack.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2013-2061: openvpn - The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when runn...
vendor_debian·2013·CVSS 2.6
CVE-2013-2061 [LOW] CVE-2013-2061: openvpn - The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when runn...
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Scope: local
bookworm: resolved (fixed in 2.3.1-1)
bullseye: resolved (fixed in 2.3.1-1)
forky: resolved (fixed in 2.3.1-1)
sid: resolved (fixed in 2.3.1-1)
trixie: resolved (fixed in 2.3.1-1)
GHSA
GHSA-j3mr-328w-64j3: The openvpn_decrypt function in crypto
ghsa_unreviewed·2022-05-13
CVE-2013-2061 [LOW] CWE-200 GHSA-j3mr-328w-64j3: The openvpn_decrypt function in crypto
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
OSV
CVE-2013-2061: The openvpn_decrypt function in crypto
osv·2013-11-18·CVSS 2.6
CVE-2013-2061 [LOW] CVE-2013-2061: The openvpn_decrypt function in crypto
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt
bugzilla·2013-05-06·CVSS 2.6
CVE-2013-2061 [LOW] CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt
CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt
According to the upstream security report [1] the following flaw was found in OpenVPN 2.3.0 and earlier:
OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation of the crypto library, optimistically at a rate of about one character per 3 hours. PolarSSL seems vulnerable to such an attack; the vulnerability of OpenSSL has not been verified or tested.
OpenVPN servers are typically configured to silently drop packets with the wrong HMAC. For this reason measuring the processing time of the packets is not trivial
Bugzilla
CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt [fedora-all]
bugzilla·2013-05-06·CVSS 2.6
CVE-2013-2061 [LOW] CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt [fedora-all]
CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Bugzilla
CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt [epel-all]
bugzilla·2013-05-06·CVSS 2.6
CVE-2013-2061 [LOW] CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt [epel-all]
CVE-2013-2061 openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when availabl
arXiv
Empirical Analysis of Software Vulnerabilities Causing Timing Side Channels
arxiv_fulltext·2023-08-23
Empirical Analysis of Software Vulnerabilities Causing Timing Side Channels
Empirical Analysis of Software Vulnerabilities Causing Timing Side Channels
M. Mehdi Kholoosi12,
M. Ali Babar12,
Cemal Yilmaz3
1 School of Computer Science, CREST, The University of Adelaide, Adelaide, Australia
2 Cyber Security Cooperative Research Centre, Australia
3 Faculty of Engineering and Natural Sciences, Sabanci University, Istanbul, 34956, Turkey
Emails: [email protected], [email protected], [email protected]
## Abstract
Timing attacks are considered one of the most damaging side-channel attacks. These attacks exploit timing fluctuations caused by certain operations to disclose confidential information to an attacker. For instance, in asymmetric encryption, operations such as multiplication and division can cause time-varying execution times th
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00012.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00016.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:167http://www.openwall.com/lists/oss-security/2013/05/06/6https://bugs.gentoo.org/show_bug.cgi?id=468756https://bugzilla.redhat.com/show_bug.cgi?id=960192https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cchttps://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2eehttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00012.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00016.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:167http://www.openwall.com/lists/oss-security/2013/05/06/6https://bugs.gentoo.org/show_bug.cgi?id=468756https://bugzilla.redhat.com/show_bug.cgi?id=960192https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cchttps://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee
2013-11-18
Published