1. Home
  2. Vulnerabilities
  3. CVE-2013-1624

CVE-2013-1624

CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.38 % (73th)
0.38% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Graph Web & Social Timeline

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Weaknesses
CWE-310
Cryptographic Issues
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2013-02-08 19:55:01
(11 years ago)
Updated Date
2018-10-30 16:26:49
(5 years ago)

Affected Products

Bouncycastle

Configuration #1

    CPE23 From Up To
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.01 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.02 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.03 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.04 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.05 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.06 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.07 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.08 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.09 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.10 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.11 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.12 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.13 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.14 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.15 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.16 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.17 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.18 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.19 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.20 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.21 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.22 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.23 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.24 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.25 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.26 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.27 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.28 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.29 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.30 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.31 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.32 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.33 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.34 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.35 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.36 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.37 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.38 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.39 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.39
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.40 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.41 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.42 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.42
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.43 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.43
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.44 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.44
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.45 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.45
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.46 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.46
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.47 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.47

Configuration #2

    CPE23 From Up To
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 0.0 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:0.0
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.0 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.0
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.1 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.1
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.2 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.2
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.3 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.3
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.4 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.4
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.5 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.5
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.6.1 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.6.1
  Bouncycastle Legion-of-the-bouncy-castle-c#-cryptography-api 1.7 cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\%23-cryptography-api:1.7