ID CVE-2020-25658
Summary It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
References
Vulnerable Configurations
  • cpe:2.3:a:python-rsa_project:python-rsa:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.4:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python-rsa_project:python-rsa:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:python-rsa_project:python-rsa:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack_platform:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack_platform:16.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 25-09-2021 - 01:15)
Impact:
Exploitability:
CWE CWE-385
CAPEC
  • Cross-Domain Search Timing
    An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain. For GET requests an attacker could for instance leverage the "img" tag in conjunction with "onload() / onerror()" javascript events. For the POST requests, an attacker could leverage the "iframe" element and leverage the "onload()" event. There is nothing in the current browser security model that prevents an attacker to use these methods to time responses to the attackers' cross domain requests. The timing for these responses leaks information. For instance, if a victim has an active session with their online e-mail account, an attacker could issue search requests in the victim's mailbox. While the attacker is not able to view the responses, based on the timings of the responses, the attacker could ask yes / no questions as to the content of victim's e-mails, who the victim e-mailed, when, etc. This is but one example; There are other scenarios where an attacker could infer potentially sensitive information from cross domain requests by timing the responses while asking the right questions that leak information.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
misc https://github.com/sybrenstuvel/python-rsa/issues/165
Last major update 25-09-2021 - 01:15
Published 12-11-2020 - 14:15
Last modified 25-09-2021 - 01:15
Back to Top