Author: HollyGraceful Published: 25 October 2022 Last Updated: 03 November 2022
Lucky 13 is a padding oracle vulnerability against CBC-mode ciphers in TLS that utilises a timing side-channel. This issue is due to a flaw within the SSL/TLS specification and is not implementation specific, however implementations may be able to harden against exploitation of this issue and prevent exploitation by removing the timing side-channel.
To perform this attack an attacker is required to perform an interception attack and successful exploitation would allow plaintext to be recovered from the encrypted communication, however the amount of plaintext that can be recovered is dependent on the implementation used. For example, vulnerable versions of OpenSSL allow for full plaintext recovery whereas vulnerable GnuTLS implementations only allow for a partial recovery.
Whilst software updates have been released for many vulnerable implementations it should be noted that this issue affects CBC-mode ciphers and the use of CBC-mode ciphers is discouraged.
Therefore, it is recommend that:
- All CBC-mode ciphers are disabled in favour of more secure alternatives such as GCM-mode and CCM-mode ciphers.