iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
Metrics
Affected Vendors & Products
References
History
Tue, 20 Aug 2024 04:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-05-13T00:00:00
Updated: 2024-08-22T18:33:00.542Z
Reserved: 2024-02-16T00:00:00
Link: CVE-2024-26306
Vulnrichment
Updated: 2024-08-02T00:07:19.440Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:08:51.197
Modified: 2024-08-20T05:15:12.073
Link: CVE-2024-26306
Redhat